last executing test programs: 1m17.878423721s ago: executing program 2 (id=1890): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f"], 0x6c}}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 1m15.179883107s ago: executing program 0 (id=1914): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x40, r3, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@L2TP_ATTR_IP_SADDR={0x8, 0x18, @broadcast}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @empty}]}, 0x40}, 0x1, 0x0, 0x0, 0xba01378711f07ce9}, 0x40) close(0x3) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x34, r3, 0x1, 0x70bd26, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_UDP_SPORT={0x0, 0x1a, 0x4e24}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0xfffffffffffffca8, 0x1, 0x7}]}, 0x34}}, 0x20) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 1m3.965936277s ago: executing program 2 (id=1890): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f"], 0x6c}}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 1m3.282752957s ago: executing program 0 (id=1914): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x40, r3, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@L2TP_ATTR_IP_SADDR={0x8, 0x18, @broadcast}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @empty}]}, 0x40}, 0x1, 0x0, 0x0, 0xba01378711f07ce9}, 0x40) close(0x3) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x34, r3, 0x1, 0x70bd26, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_UDP_SPORT={0x0, 0x1a, 0x4e24}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0xfffffffffffffca8, 0x1, 0x7}]}, 0x34}}, 0x20) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 50.649464072s ago: executing program 2 (id=1890): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f"], 0x6c}}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 49.868320435s ago: executing program 0 (id=1914): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x40, r3, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@L2TP_ATTR_IP_SADDR={0x8, 0x18, @broadcast}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @empty}]}, 0x40}, 0x1, 0x0, 0x0, 0xba01378711f07ce9}, 0x40) close(0x3) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x34, r3, 0x1, 0x70bd26, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_UDP_SPORT={0x0, 0x1a, 0x4e24}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0xfffffffffffffca8, 0x1, 0x7}]}, 0x34}}, 0x20) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 36.802963398s ago: executing program 2 (id=1890): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f"], 0x6c}}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 35.966919791s ago: executing program 0 (id=1914): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x40, r3, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@L2TP_ATTR_IP_SADDR={0x8, 0x18, @broadcast}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @empty}]}, 0x40}, 0x1, 0x0, 0x0, 0xba01378711f07ce9}, 0x40) close(0x3) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x34, r3, 0x1, 0x70bd26, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_UDP_SPORT={0x0, 0x1a, 0x4e24}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0xfffffffffffffca8, 0x1, 0x7}]}, 0x34}}, 0x20) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 22.708705361s ago: executing program 2 (id=1890): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f"], 0x6c}}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 22.051298049s ago: executing program 0 (id=1914): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x40, r3, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@L2TP_ATTR_IP_SADDR={0x8, 0x18, @broadcast}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @empty}]}, 0x40}, 0x1, 0x0, 0x0, 0xba01378711f07ce9}, 0x40) close(0x3) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x34, r3, 0x1, 0x70bd26, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_UDP_SPORT={0x0, 0x1a, 0x4e24}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0xfffffffffffffca8, 0x1, 0x7}]}, 0x34}}, 0x20) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 6.742410471s ago: executing program 2 (id=1890): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f"], 0x6c}}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 6.294284561s ago: executing program 0 (id=1914): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x40, r3, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@L2TP_ATTR_IP_SADDR={0x8, 0x18, @broadcast}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @empty}]}, 0x40}, 0x1, 0x0, 0x0, 0xba01378711f07ce9}, 0x40) close(0x3) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x34, r3, 0x1, 0x70bd26, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_UDP_SPORT={0x0, 0x1a, 0x4e24}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0xfffffffffffffca8, 0x1, 0x7}]}, 0x34}}, 0x20) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 2.645787089s ago: executing program 3 (id=2418): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000040000000000a40000000160a01080000000000000000020000000900020073797a30000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000010000104000002000000000000600000", @ANYRES32=0x0, @ANYBLOB="03800000000000001c0012800b0001006970766c616e00000c000280060001000200000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x4c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054) 2.276448194s ago: executing program 3 (id=2422): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4800000010004b04feffffff000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000abcd00140012800b00010062726964676500000400028014000300"/48], 0x48}}, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20000085}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000002700), 0xffffffffffffffff) sendmsg$GTP_CMD_GETPDP(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="01002bbd7000fbdbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x4c010}, 0x8080) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3000000070000100000000000000000007"], 0x30}}, 0x24004001) syz_init_net_socket$rose(0xb, 0x5, 0x0) (async, rerun: 64) socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f0000001980)=[{{&(0x7f0000000000)=@ethernet={0x306, @multicast}, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000100)="baf35e380d7ed0b044d49443cb5bd355cb19c016350974e6d4fe4751019d6def74b3c0ecc66bf4cb0f84f7e597c18a93f2e90e576f4d7bcb6d96670005acb4715013c7a8949e603f0d32a4bd8cca53a241b4d5f96f0ef1194f434c78d4a4ed6cf6b43c87b3394e29df62ffba54147b29b7bbba09d870e610b0cd7a9ed013d4acaea128f4282a298bee620691ff05bd6c303ad122b2", 0x95}, {&(0x7f0000000300)="3846cb0ba4f2fca95759c1d118722e9acd8f92ce0ed3ae96152458cc3229f3e7b484daa06b746766e96af26d4d6d23fe1b6184af10a7106dd6d3fc5964b3e9f1bb1cbbd94c7031eff841e4394289a62f0ab5c42881acfbf0590ca5d6802a5af3e7d09c920372066bbc0762ec4e50210877b2ad34ca9f0d398d3dd102dd1194bed7650e9870ce", 0x86}, {&(0x7f00000003c0)="a164486caa04425f32825ed18ff756bd285a240e9d7ab3dd0185f2fe65dea8062141f760b69b3192631a91f3c5621088d78804e32bde0567b1caa19db2c94a69da4b25cd13b5f8c03421864f0d4f5673c2e9c0020ec7589842fc5cdb68430597b5cf3484d487919fea9650fb6e603ced84730c3d867e5139741546b401f91ca596c3a58335960314dba5026c9441d96c786a418bfeb4895b51296b07d0280df44d3870b996b207c3d8b608bc547b9e83f3041359ae40a5d98d55476daf6de0ccdda8254aab089ccbc8335a6a6afbed5f36ec3615632222842a5d51", 0xdb}, {&(0x7f0000000080)="bf00e434f2e74b7fd0252c6943abdca84806d7b4fbd541c9d585437b9a33c5", 0x1f}, {&(0x7f0000000500)="8322364aa93981c3dc88e56875fba7995ac61e8f244e5879e55552e5d2144b33bbf0c6c977567c9639bca7e801b21e9f48cd9a1d74b09806e6adf4fad65a1d03e6109682b4dc23dafbf495fc710795642af0802e41f98af708852323bdfcc40933afaf2bf6d9d7dc9028931d65fc35eea60c3f81009ff42706eb9bfdb0dfb050b52d07aa9ec68c83dd32a21008a43ad07b8f33b4744fe546615379", 0x9b}, {&(0x7f00000001c0)='8', 0x1}, {&(0x7f00000005c0)="1e7bda2893eb5a0b7d7f83fadfc9af5711e09fa762d43e77861b90012940ace72d3d823a2e07df1f544d2b1b9d1a9d005b12b93140e297d4d84c67145347210804a944fdf0b217f86b25884434e459b0671bdb32335400ccd4b8134392b3f8440168f93fe53709f28b424333dd3797dc86e9349bf59e7fb5d5569965f4e87e9409a83654580d3e0ed7fee1c36d58d99171f1236a3e4c33ccbf1aee6d6f2602341beb3f7d284ab41a7894070fe75bd5e9eda81772b388e89464642949e336c9725d2b338459bc7a6657b21b14baec6458be4da6aab7d8628227f9fb0d0356309d6df51d3132584298df6060c06788d9b9113389a42d3d4d7fcf54d9530e151b", 0xff}, {&(0x7f0000000240)="6a6d0f1968e7a387f6b074fb7769022d4332c0d6e8b7e7e5c288929599e3dbe56831464d6b8f73f57ccdefaeb3b825b3bcd474a31c25d4564648c133de438391a8bc461b8899", 0x46}], 0x8}}, {{&(0x7f0000000740)=@nfc_llcp={0x27, 0x0, 0x1, 0x6, 0xe, 0xea, "c785b70b9db0a99e18738c51603baf2400bbe0bd2632f1d067bed2d920405186c52ad4b5aa6ccb58d8836b8fe7851ea0c4518ccb79bd70f4906bb676789cc2", 0xe}, 0x80, &(0x7f0000001900)=[{&(0x7f00000007c0)="c64f4d3e9b6bab6a7d0b3497e198369011cefcda60d0e23dfde80282798bfe3e12cc4c2ac6664875dd2a2235a32241f1940a6b29ab1aad4b24cbbbe2a6b53818063693b5bb7dc44e986f3cc50fac7e2932e37b405c6eb738069cce9f40f465179f8b0a6083bbb9a8aa2694", 0x6b}, {&(0x7f0000000840)="0e51fe7cd44de1f87638a1d865dc855d584d39068c23d42c1da4", 0x1a}, {&(0x7f0000000880)}, {&(0x7f00000008c0)="5851d5be35ddfa81183cc311f8f7e08e03a76f02409b6ec6cf2acbd0de6d2bf1b9b34e580183372d60e8d92eaa09a530b7358392241a2a5df1736de44920ebd8a5f792e19e8c574d3e9dbb3bcfe06332b3fe92aa268854a4cde733d95fee6abc0bef7cd7b56fca52841e02f4e754efa44890388a2e8be054e96b8bdc66039c9a4c0d5d5291917279a2424704f56832d737b646e624954054b961d2079038d6d2993c4ce9cb2dee34be21074e1b469fe26f74bd542459961b40b07f40b6fa60ce00ed337eca9ac5a2d8993786175338c33467bd9747a48a3fa580ab64c7022399b1df7df73e25743ea71d0168733ba3bdf271d42575d05be44fa7d50fcd820eb7b69be61867ece43cb5f65dedeeec68a786a6d0a5120f30089634dc20586365efa76c8f1289374be2c24693cdfd219fecc7a26a353ec40bc9c2f9ccb513123bec7e22c4f787a0e7190ba52c939805f55f7bc21d6637e5d418801de13ecc789caa4e3c97d317b5cad5707f4ac6dcbcbcc3fee6717c14020604d5a1e76cf2b537e6b05499c1b3623da7daa177288c10a1b40ed85ebd8d41b5723482ff6e36e739999509906726761c057f8e167c745c91af5504cc346fe9cdb3854bec810b8c3a2f4d25eb35f0e7900a611aae8a9d6b0f6339c63c80bd6606700d56a46b1df9ec6e534535ba71a8756d7da368ade6418d22d8c3acc922048cbcb38448239d175ee4ae877b3f4e21ea0930747290f2743847cfbcd179ce226aa88a4d6699b2fe99e7d0b8894ce66e7ee7419dd0abbf9957ca0747f799720df2058b6c6d27c6043cae3ec61e3f8320bd820164d132919870943ab729501b5ccd05bde7609057124e4db1518053433166ed54442fd936ad06a051bd3ed86f857c9aff3c4f293408ae76774c3f73004b3066ecafcf917697e6ee1b34e6bedbddbf2f1a4886c04977e947aca0b9fd4ae48ff40ff0becf4e9a19ec9727b4b6f07b1beaecb267766ade189c9ed1dc81a4393c52d1883fd4d5fb3083c085af1ac1d03c7a76ecf6158d39065b719719ce122fdfa9b2545b99d450d02324992c594fb1fd2fce4faaf9e5bd13265e25ad78f710384bdebbd364693cfacd586bdba099e53c2ab9afb4298a52423934023b9c1493c44241c2d47eedebc1cd4f8e4fd1f170ae2368ec0198ade33309aa853f36bfe74b9a238cd4e06369c12e2012ec930fde050d2ad6739fb4a050262f20d0903dff9882fc1bd54f7dc0bad4f382f69362743afd213164883d9c9cae0ce1d0c80fba683ee0920a4d4bd4f57618e2817d380c14f25fb965e3a4b1846511df2b6e5ec3f7cbd547db1ec63fd76409c907f1e21efc1012f12f8b47eb4467292ffbcb6cba508b693779443327a21683104ef083aa3e12f4b9f4318a0de1e0d75947637cfe78171bed1583252fee1434d055a610c8a1142cb2c392800de9652db50152d06cb77cbde5cb1e55776c682b2a591c62c5c4be97cb3cdef0a36c47f344a1cb8729f09e45673952949ab67c007083f8021b04d298e62ef277d95914138448c17967dd2bc6d19ae8d93b060bcc574f613a4ca4ff1f6baf72f8c14e70b59c523bb5fae735819c676614ede720e200999eb3a7a823d062b4884d16a88b8d7dcedc02e05b7c9bf2dd24219466a4f6047a43d502c0f3aa4dbad0518782333c3621049ef58e165731ebf77c1445be1c3a3046ca2cc8b5b235d73231148c88b68a1c4a22490c515442cb65384d8b962567086b50e85450c8b960ad4de19d1962c2844e3cb4102ac1c44a6bc970fbfd15be1722413c2e925fa2ae5ffb0e779ab5edcd9f8b9fbdb104eb81112c9afa818de26cf1cdeb56a42f255b36fd6d130b3a07abfd569e179547d69f12da21272ccda35e629cc4a4668b3c7cc78b9bf52813193e9627e2c4b726f480024247fd7eae40de98737696ab7a71ca80a5ed62643179cf4672739782baf2d019aff28ea7dc903ceb20f225a0e535c5f2b857261b231d9dae3278eaeae5a4e0a2730fe4f71adc4ebf4cb004c4689c8b8a08549d1129353a3a2a219ce37f7f2e1d3a13b5a34629ca31e3a303b8eccbd1a097cc3a74deedcb6e4663aec4d0888554f3ece97f0aac1e7fbe5d472d83b9ca0801d5fc9877f5301726b82735e3d207ab814358b6fbe440bc5a51a66fe426a7ef1c4dd60ddd402d76e6380703da3ac0749ed2738164bcdfafbe87afd0a23476c8fd710223b089add8ab1e77c0dba96a8e5d9f83961c89f82fa894b10c4e3b08291fbc01ff851406db6114dbc053a1bfa2f67aaf29f868bf4f5fc9f7f069e986000f2bad2b33af92ae042af35491468f1ff712558d8e8a96320b36322f4ef7d1c0bd1b3981eb7d5cc41510916b081e875a8c6fd3268ba7169fc9364a83d11396587bcd24f87c629ec8262adbcb95038465c60e606a6879967587cf20bc4f2ef226de88846b3f9864802ccad884555331e58d7eec1d75788b7e16ef867f278510d36a9b7776fcd88920601ad9e22060ddeb9d687af29cf238051ae6acd1839ea35832047694ed1de9dfb2e967fea1cf1d2303610bf2470d87f8a2aeeeba39b16df2892b5a290b810602f8cad904126e99af168807278bb9f4fec1006f3f7a3c56b870fbb8e659a0d735e3b8bf72d099a6d29a1bb916bd9d3747178fa73a620101bab06e156417c5084aee1d7afbdceafbb29b0aac3a0d9fa1609a5bce237aec7c8c8d0b1d90953a88ecd023cb7905ee09ace1e448072449e0f988b9771ca784e613f58197e73fca3d3d828ded71775116d99f784bd3385bfb113fbdd6553d5f832a52287391e438bf08e91e52dbaf1f48a1186d3061fc7b848572516bbdba1b46ea3db499103b1226bef600da6c23072783e24f9292534b98d6d064de427eabebe6403b79a427d72d6327b7ca2b51b1bcde6ce8a7bdbdb84fcc82b5a254c97370b5f03ed6eadf127cce5b5072be42bf0560de72ab65d62a00c55f3ff85cbddc769b8513217f1dbbd11ab7e836521281e7d8fbc8b2b4ca9a5d32868a28a3997788c31f70289657eb131e801e9381752376a08d24ef7920f674c6d29eed1d3053b3f8249d2d5dc4ba784d7e111baacce47bda2c10a239198e6a3080812f1ab50e182968e3e3cd1c2b25410d6379cbbe6626dd8ea5aa8f50ff1a9d07797e575afd5226044da47f83cb09ff3b3211679bcc7f7b3ca8b6021c7a6acb3f1c4ea0d281e005bd52ef1bde583f999503bd73dc4275d25910db25b751b2eff44183ab80ba5fa35007470ff4f113bf00ab3074450310b1f5a0a5e21dbe4cb4334773195a44d79a67f053e75622387b975a39f8a8fa59fe33dd5c4c626b9192bde2cf9944529270fc56e9a73e5f4a60e0392118bd9bc81404ff05bd7156c1eb0163bab9f1b6da1adc725d9fd1b3790f1cee88c973b79b8c252b6370a4dfe3b5cc6ed8cd32e215ffcbe84efbfa27f86d91aca2ff8bc902ca812cc5b816b9b9394eee5095e6239debd6e4f7fcd9f1c44de940f400b35ce0b24421faa16b54733cd0b59edbcdc021d74ba309c154584a08ba81755a4256b0ed30b188b11f242ba45a0a568c5418590c8659384c3ca5663bef0a95538edc2dc1e905591465bf52c8530d2064f8c2556b53f0f81bf0f48f357de2b2fbfc9693ff1c9cda7f6aef03537cd6016ed4c82d63d968318a1addc735d385232238a2e5ef0897514f62daa7aacd0218f313eee496b2cded985f88298793984ff3a16bd675bf8ee83cf3d6351ac5be7ba0c4a881084f7ea42d949fbae8a2cb8f0c6aad944602842f1a58207ffcc5bf42513de36c8bcbfb15438220ad3f063f2d1a8c3843f372764d2425faed58ad89095fdc026588dda2abe273e7d4702184416317cdfb98b48898c19636244bd811e38e773c1f00236db8518c7e72f35a643613fe4360aefc3b1c2ab8c91f1da6a79ea5adf54ed58a5d0e4c6b9771aab576b42271cff3851d289352daa6d6e7bd1e244b62a60695a5ccd3763f8a00602cccd8decb1fa0e310fe80481a0a9296aefb390df94fbc984cc01c5d4a73ef3e868e3d9d3b53446a0b906a4e0485a906512126f6a318a7a342f7b230a8a2743cae8a76f53689c03ea78ef3a4e911771ec81743cfae010e267c079ddd2e079536c6f633c1a4d55977a9f560c1ece153ed3015e4e9504248fc36566b863c909c1656feb7ea4c96e1a069284877af13b36b21d6d9716d1fa93f4a5b1e8b836f5bcd91cfa2c6faa4166a88e2601d3935d3d5d4dc3d3219f1e8d80b11286a741046413961db564513c8442b87dd5c306f343f62323269f614422b964a361752b036b0c949a72a6fb0c0d0015015250524d1bf98060b9a450ebbc96a14246c449ff4bf27b21fd8a743594bb79f6e3ecbb2c6d115caa8a59eecf6eb861ac0d5a165134c1823567b63a93cec49d4713b8176184949dc1b92b59460cac344dca7f36bc09811e775b4d3d1da91a99c0b18effa6bc74aceee6eb88bf4132f9fa9e3997947f4017b12406542002ac3568708cd315a120cc764078ad23833dfdb7f7a9fb317267254381d8c3632509388a5ce60e33b69196ff2cad8312c946d56c0a7ffd99b470370ca7bdd439569ce32971161b98a208c0c6f666e7cad66e82c10f5bcf31d75a163e8a8dfae38ea5c3a2c808af40c0b007bb3183ab29f944041cb607ddeae3b7e8f4dbfa23a08b5a2e46e5c124009e339d2a8842dd5399d73ac33890dd995f344d969236841a76f5103d6bba368eacdd10b409714c7437db86ff1fabd3da620354cdea7e8ff9bf226a345789ec082baf4b7c90471b27fc74a5821ddd3f320cdbffeff8c62a91a7ef25697b74ec9527db63533d75bd966805e7c124ba2ef5b979422adba8d586f0511afe8c4ee2b10f5f03b880c8f22da4deadfb4d27bbc70e0a14a659f5bce3c44c34a2984ff48ba6847984adc3633d9744746b84e71d420e9f38f642854986fd32260fbaab977f8645e4740797ceb6a11706c10c619f7ef5116bfcd143cc8f3575c48eefcd60fe04e8b864c38ea28aa6e40c8c06911270b630ab765ffaf1b5208bc88b87a743149d0125700bade4c795210c06ff2cc6d0d9ab3db99a328433fc180d3ca6cbee0af69cf810b83145019b2807a6d4acbeaaa232ead6186aadc0b6f0496cc226af17c085367b6d5bc2b2a323d5dbb9829d5704b039be138b531838017607e2701a5b3b8d3cb99449a1d72849317c3db5643887a2fd50eda1bb5241e20ccbbddfd69c070623cc84ca68444f61fd18489290178281946b7ecb6cc0f24225c1b35489406b9bcbcdc1b34bb980088a0f11cefc0e0cb50bd4d1ead11c58210535fa849dc9c6bb7e2fe1cb448ac9e73cb449523006cf9df7187a5bb7d162d68f874ddf7730afc197ac757e675fbd332dbc38db0ed3653a2c4a3d86e1c783ef7e697214d4c9024d2fd823d30dbafc05f7c2fb85310784d41dcd3ddfd73b54885a8d2d1ac568e99a722420720d6aa27ee90c9865fdc5650ccb72aeb324d3b76edacfbf83fd7f5aa9ee1c69b3849704cb0d0f74a01182dfb97a026590fc4e1cd16acb9cdd832b9aa1eac1f0e0eeecff62d4ae98b009798f7913def0286428dc48869d2674440105a85706c22a15e32dd8e12c6781ba38af6bd41e4b14b42776b9a644a2349abbc6cdfe34b299e35945a7d4439ee296861c6b7bb483ec44e3a8b571f583fe6423e97018395a9f7149123ff239e0297a474308d649c8c75244dbd4e5b8f32c133f65c35687d17c896ca010d1ccaf09a6754ac477e1a222622b9bf1d5b60c3d66a567eebeca0da0c4891c085af3508", 0x1000}, {&(0x7f00000018c0)="84b43726d6d69fafd1215b26e92f4b75d79481554fc9678526b4956eebc89ca8a45975377fcf132d0670dc8d9f96402ae1d619f014", 0x35}], 0x5}}], 0x2, 0x0) (async, rerun: 64) socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000004080)=@base={0x2, 0x4, 0x4, 0xbf22, 0x480, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000fa2000/0x4000)=nil, 0x4000, 0x2, 0x82011, r4, 0x0) r5 = socket(0x0, 0x1, 0xffffff00) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000880)={0x87, @empty, 0x4e23, 0x4, 'wrr\x00', 0x30, 0x8, 0x4e}, 0x2c) 2.067328902s ago: executing program 3 (id=2426): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)={0x3c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x8}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}]}]}, 0x3c}}, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f00000001c0)={@local, @initdev, 0x0}, &(0x7f0000000200)=0xc) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) getsockopt$inet_tcp_int(r3, 0x6, 0x10, &(0x7f00000005c0), &(0x7f0000000740)=0x4) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x4) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000002c0)=0x0, &(0x7f0000000300)=0x4) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000340)={@dev, @dev, 0x0}, &(0x7f0000000380)=0xc) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000440)={'tunl0\x00', &(0x7f00000003c0)={'gretap0\x00', 0x0, 0x20, 0x700, 0xe4, 0xc9a, {{0xc, 0x4, 0x3, 0x24, 0x30, 0x64, 0x0, 0x0, 0x4, 0x0, @remote, @local, {[@timestamp_prespec={0x44, 0x14, 0xb1, 0x3, 0x5, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xf}, {@rand_addr=0x64010100, 0x51}]}, @generic={0xd0, 0x3, "9d"}, @ra={0x94, 0x4}]}}}}}) sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000540)={&(0x7f0000000480)={0xa4, r1, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x8}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x8}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0xfd}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x7}, @ETHTOOL_A_LINKINFO_HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @ETHTOOL_A_LINKINFO_HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x2}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4040000}, 0x1) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0xbbf, 0x3, 0x80000000, 0x24000, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x5, 0x6, @void, @value, @void, @value}, 0x50) syz_emit_ethernet(0xca, &(0x7f0000000640)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xbc, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote}, @dest_unreach={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x28, 0x4, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x11, 0x0, @multicast2, @local, {[@end, @generic={0x0, 0xd, "ee0dd9de36ed4bcc5b4e23"}, @timestamp_prespec={0x44, 0xc, 0x0, 0x3, 0x0, [{@private}]}, @ssrr={0x89, 0xf, 0x0, [@private, @broadcast, @broadcast]}, @timestamp_addr={0x44, 0x4c, 0x0, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@loopback}, {}, {@local}, {@loopback}, {@private}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@broadcast}, {@broadcast}]}, @timestamp={0x44, 0x14, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x7, 0xe, &(0x7f0000000140)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x48}, [@map_val={0x18, 0x3, 0x2, 0x0, r8, 0x0, 0x0, 0x0, 0x5}, @tail_call={{0x18, 0x2, 0x1, 0x0, r8}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r8}}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000040), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) 1.742974011s ago: executing program 1 (id=2428): r0 = socket$kcm(0x2, 0xa, 0x73) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000380)={'macvtap0\x00', @local}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x8, 0x3, 0x298, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x1c8, 0xffffffff, 0xffffffff, 0x1c8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @private=0xa010101}, @mcast2, [0xff, 0x9cd3a8a38a7b8bbb, 0xffffff00, 0xff000000], [0xff, 0xffffffff, 0xff000000, 0xffffff00], 'dvmrp0\x00', 'caif0\x00', {}, {}, 0x89, 0x43, 0x4, 0x40}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x4, 0x0, 0x4, 'netbios-ns\x00', {0x6}}}}, {{@ipv6={@remote, @private2={0xfc, 0x2, '\x00', 0xfc}, [0x0, 0x0, 0xff], [0x0, 0xffffffff, 0xffffff00], 'wg1\x00', 'gre0\x00', {}, {}, 0x3c}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x0, 0xffffffff, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x2f8) r2 = socket$rds(0x15, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000180)={'tunl0\x00', &(0x7f0000000100)=@ethtool_coalesce={0xe, 0x10000, 0x100, 0xeb9, 0xa0, 0x31, 0x6, 0x305, 0x7, 0x3, 0x2, 0x9, 0x13e8, 0x6, 0xc0000000, 0x3, 0x200, 0x5, 0x202, 0x5, 0x4, 0xe, 0xb}}) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYRES32=r0, @ANYBLOB="78e0399f169ef37247f28673e2e9a13b3c1cd23d89fb487300866ee4550fab65f6b5744b2c0f9364c19684ec521f77ed2df0d87eaa96c463938ffa55b37f77d1b725f5b9faf264194aab09241c0660effa3e09a4f883612691de802bb6ade7188852e7d6b4f1af650e66519af2f0d0f79fc4389e3d2cebfbc587fd8c7b8b1b80daac17be6064779955f303aab2255347aff9b24759a1e27894b15bbb52", @ANYRES32=r0], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94) r4 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000300)={0x0, 0xb}, &(0x7f0000000340)=0x8) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r6, 0x29, 0x1e, 0x0, 0x0) r7 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r7, &(0x7f0000000000)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom, @bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f0000000700)={r5, @in={{0x2, 0x4e23, @broadcast}}}, 0x84) r8 = bpf$ITER_CREATE(0x21, &(0x7f00000007c0), 0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r8, 0x84, 0x76, &(0x7f0000000800)={r5, 0x5}, 0x8) r9 = socket(0x2b, 0x1, 0x0) listen(r9, 0x0) bind$inet6(r9, &(0x7f0000000480)={0xa, 0x4e24, 0xfff, @private0, 0x5}, 0x1c) r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS(r9, &(0x7f0000000280)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x3}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4004014}, 0x800) connect$bt_l2cap(r10, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r11 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r11, 0x891d, &(0x7f00000001c0)={'gre0\x00', 0x0}) getsockopt$bt_l2cap_L2CAP_CONNINFO(r10, 0x6, 0x2, 0x0, &(0x7f0000000040)) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1.50349564s ago: executing program 1 (id=2431): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000240)={r0, 0x9, 0x8, 0x1a95}) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="180000001a00fd5800006c610e2a00000a"], 0x18}, 0x1, 0x0, 0x0, 0x811}, 0x0) (async) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r3, &(0x7f0000000140)="025a047b4d4a3f970e2fd1d2a872d20648fe6353c987a917b601bd8101ff5af37b7be48bb2a2248aa46ce91c395fa027fcd3bc85d41d2b21ebd0594bcb5a4f372a84a4da160d9495b9493ff9c333f99264ea82c4f0963dfbe4318a3c9d27957440820972248a88b276a6d3f7df05c1d25ea5c2d39601e8e6d7f0090ac22dbdeef5356ec2ae170c908a31d9d00e2eb1", 0xb2, 0x88c1, &(0x7f00000007c0)={0xa, 0x4e23, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4}, 0x1c) (async) sendmsg$inet6(r3, &(0x7f0000000700)={&(0x7f0000000380)={0xa, 0x4e24, 0x200, @private1={0xfc, 0x1, '\x00', 0x1}, 0x4}, 0x1c, &(0x7f0000000940)=[{&(0x7f00000003c0)='$R', 0x2}], 0x1}, 0x40) (async) shutdown(r3, 0x1) setsockopt(r3, 0x84, 0x80, &(0x7f0000000080)="1a4f30d089f5bd5b", 0x8) (async) r4 = socket(0x2, 0x80805, 0x0) (async) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000003d0007010000000000000000037c000014003780100003007174722834a919733469"], 0x28}}, 0xc000) setsockopt(r3, 0xa, 0xd, &(0x7f0000000400)="9f5485f2bb9cc976a7f71f42a1e02ddcd238b73c63b93529851bd3418db778342eb069079fbfe6ac18759de0f12b992757e151d94a3c119e02f2766deb45c40f0bac0673c1dab03d8400dc48127e4162d0586f663e8cd4768fc18765cb5499242c746f31e231982e56811175282403fd3f562412f9c9ad0590702ee8b4dc047d3f410b53b357b61ced38c47bf6a126962194b879c61518de9caf246bee1a55c080274879c27fbc696ea6bf5789fa7201a73c06e6ee3c709e4d559726e5633d9ca0637377", 0xc4) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000080)=@sack_info={r6, 0x5, 0x1}, 0xc) (async) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r3, 0x84, 0x5, &(0x7f00000002c0)={r6, @in={{0x2, 0x4e22, @loopback}}}, 0x84) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000200)={r2, 0x3, 0x3, 0x8000000000000000}) setsockopt$packet_tx_ring(r8, 0x107, 0x5, &(0x7f00000000c0)=@req={0x1, 0x0, 0x5, 0x79}, 0x10) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb0100180000000000000030000000300000000400000002000000000000110300000000001500000000000100000d000000000f00000000000000020000000000000c02000000000061"], 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) (async) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x0, 0x11, r1, 0x0) (async) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x6339000) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) 1.400356041s ago: executing program 4 (id=2432): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x11, &(0x7f00000000c0)=0x8, 0xfffffffffffffeae) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b36, 0x0) ioctl$sock_rose_SIOCRSCLRRT(r1, 0x89e4) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@enum={0x5}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x2b, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000001400)=@base={0xb, 0x6, 0x4, 0x3a7, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, r2, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYRES64=r2], &(0x7f0000000300)='syzkaller\x00', 0xfffffff9, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x300, 0xfc}, 0x1c) r3 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r3, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'veth0_to_batadv\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0xc0}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendmsg$can_raw(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x1d, r4}, 0x10, &(0x7f00000005c0)={&(0x7f0000000100)=@can={{}, 0x80, 0x3, 0x4, 0x2, "07000000008000"}, 0x48}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000340), 0xffffffffffffffff) 1.392742171s ago: executing program 1 (id=2433): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000540)={@loopback, @mcast1, @empty, 0x7fff, 0x6, 0x8000, 0x400, 0x9, 0x200002}) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB], 0x20}}, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f8483f0000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 1.205457037s ago: executing program 3 (id=2434): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x8, 0x3, 0x2a8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x210, 0xffffffff, 0xffffffff, 0x210, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, [], [], 'veth0_to_hsr\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xc8, 0x60030000, {0x0, 0xff000000}}, @unspec=@TRACE={0x20, 'TRACE\x00', 0xe}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x308) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000840)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x4e20, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x3, 0x800000000000002}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2}}, 0xb8}}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x9a, &(0x7f00000009c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd603000bb00642b00fc020000002b00000000000000000000fe8000000000000000000000000000aa00000000006490783a000000000000000000000082f63de64f6ce2ee11028289aefdb3449391a823213e6336516748a7949bb108402fa83b1d661c18462075368a1860929ddeb8f71aa23d391b8fa99e9816af2d040876a663a86d97f46b9665cc18492bcbf43236e4e777a8"], 0x0) 1.091697535s ago: executing program 3 (id=2435): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40000) bind$tipc(0xffffffffffffffff, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1}}, 0x10) socket$packet(0x11, 0x3, 0x300) socket$inet6(0xa, 0x3, 0x2c) (async) r0 = socket$inet6(0xa, 0x3, 0x2c) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x12, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000000000000000000000000000850000003900000095"], &(0x7f00000003c0)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$inet6_udp(0xa, 0x2, 0x0) (async) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="b8000000280001"], 0xb8}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r3, r4, 0x4, 0x0, 0x0, @void, @value}, 0x10) r5 = socket$kcm(0xa, 0x922000000003, 0x11) recvmsg$kcm(r5, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x80108907, 0x0) (async) ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x80108907, 0x0) r6 = socket(0x1, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000100), &(0x7f00000001c0)=@tcp=r6}, 0x20) (async) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r3, &(0x7f0000000100), &(0x7f00000001c0)=@tcp=r6}, 0x20) socket$key(0xf, 0x3, 0x2) (async) socket$key(0xf, 0x3, 0x2) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000100), &(0x7f0000000140)=@udp6=r1}, 0x20) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f00000008c0)=@newsa={0x14c, 0x10, 0x1, 0x0, 0x0, {{@in=@empty, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in, 0x0, 0x6c}, @in=@remote, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @sec_ctx={0xc, 0x8, {0xfffffe9c}}, @XFRMA_IF_ID={0x8}]}, 0x14c}}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x3c1, 0x3, 0x550, 0x3a0, 0x150, 0x150, 0x0, 0xf8010000, 0x480, 0x238, 0x238, 0x480, 0x238, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [], 'team_slave_0\x00', 'hsr0\x00', {}, {}, 0x84}, 0x0, 0x338, 0x3a0, 0x0, {}, [@common=@inet=@sctp={{0x148}, {[], [], [], 0x2, [], 0x0, 0x4}}, @common=@inet=@sctp={{0x148}, {[], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@ipv6={@empty, @mcast1, [], [], 'batadv_slave_0\x00', 'veth1\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x5, 0x4}, {0x2, 0x6, 0x5}, {0x4, 0x2, 0x6}, 0x1, 0x6}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5b0) r8 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r8, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) (async) connect$inet6(r8, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) sendmsg(r8, &(0x7f00000000c0)={0x0, 0x9588, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), r6) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r6, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x74, r9, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1e}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xf}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x9}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x1}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}]}, 0x74}, 0x1, 0x0, 0x0, 0x4000}, 0x40015) 792.690034ms ago: executing program 4 (id=2436): r0 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000002a80)={0x0, 0x0, &(0x7f0000002a40)={&(0x7f0000000040)={0x28, r0, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'xfrm0\x00'}}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000004}, 0x850) 721.639304ms ago: executing program 1 (id=2437): setsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="40000000111401002bbd7000fedbdf2500000100020000000000010001000000000003000100000000004f000100000000004f0004000000000001000000000000004b002800"/79], 0x40}, 0x1, 0x0, 0x0, 0x20000800}, 0x200000c4) (async) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @empty=0xe0000001}, {0x0, 0x17c1, 0x8}}}}}, 0x0) close(r1) (async) socket$inet_tcp(0x2, 0x1, 0x0) (async) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x36) (async) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) (async) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="130000001000000008"], 0x50) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000a80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000005000000b70000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x0}, 0x10) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r5, 0x0) (async) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0xa, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x23}, @exit, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x24}}], &(0x7f0000000100)='GPL\x00', 0x0, 0xa3, &(0x7f0000000140)=""/163, 0x41000, 0x2a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0xa, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0xffffffffffffffff], 0x0, 0x10, 0x55, @void, @value}, 0x94) ioctl$sock_inet_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000400)) (async) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={@cgroup=r5, r4, 0x4, 0x0, 0x0, @void, @value=r6}, 0x20) (async) r7 = socket$nl_generic(0x10, 0x3, 0x10) (async) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x25}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (async) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r7, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000740)={0x4c, r8, 0x1, 0x70bd26, 0x25dfdbfe, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x1}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x40) (async) ioctl$sock_SIOCETHTOOL(r2, 0x89f1, &(0x7f00000002c0)={'ip6gre0\x00', &(0x7f0000000000)=@ethtool_cmd={0x0, 0x0, 0x0, 0x200, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffff7fc, 0x4, 0x0, 0x0, 0x47, [0xfffffffc, 0x80]}}) 560.481685ms ago: executing program 4 (id=2438): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="1f003300d0000000080211000001080211000000505050505050"], 0x3c}, 0x1, 0x0, 0x0, 0x4010}, 0x10) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000380)={0x114, r2, 0x100, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0xdf, 0xbe, "ecceb61fab9c6e83a87db187040ec390ebe31b2561d4e78d40acd437fd1c316436bf01e6ea700b43e71e5149c3250042618b2691bce1ea11864c859d926c2f1eff0509492ae9d584c107e3f6e410d617e55cf2fab1d9428ef0731919db7a63f426f7bf2622e89aa0847b8fa656301c6366fff3e91a92fe90487c19917a13c66f28aed12697baa12c78166fb36f2015e7a7119b5666c7486f1af3b839b7dedb289a05e77118acedf1fa27b8b9de9c5ad51e076cf8d43b688010ddd89d02563dd5970c98fea88afcc8b906d3f10e899a1b5cba79290237d27045164f"}, @NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0x6}, @NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x2}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x3}, @NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x4fd9}]}, 0x114}, 0x1, 0x0, 0x0, 0x90}, 0x800) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, 0x0}, 0x8) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1) r5 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r4, 0x4) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000340)={r5}, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="050000000000feffffff2e00000008000300", @ANYRES32=r9, @ANYBLOB="050034008b0100000c004900"], 0x30}, 0x1, 0x0, 0x0, 0x20004001}, 0x0) r10 = socket$igmp(0x2, 0x3, 0x2) getsockopt$IPT_SO_GET_REVISION_TARGET(r10, 0x0, 0x43, &(0x7f0000000300)={'IDLETIMER\x00'}, &(0x7f0000000340)=0x1e) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x2c, r6, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="8b"}, @crypto_settings=[@NL80211_ATTR_AKM_SUITES={0x10, 0x4c, [0xfac08, 0xfac0a, 0xfac0f]}]]}, 0x2c}}, 0x20000000) socket$packet(0x11, 0x0, 0x300) 560.089369ms ago: executing program 1 (id=2439): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000000)={'icmp6\x00'}, &(0x7f0000000040)=0x1e) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000000, 0x810, r0, 0xbc3b2000) r1 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000001c0)={'tunl0\x00', &(0x7f0000000080)={'sit0\x00', 0x0, 0x20, 0x7, 0xfffff5e9, 0x7fc4, {{0x3a, 0x4, 0x3, 0x3c, 0xe8, 0x64, 0x0, 0xf, 0x0, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x1b}, {[@noop, @timestamp_prespec={0x44, 0x3c, 0xf1, 0x3, 0x4, [{@remote, 0xffff}, {@broadcast, 0x6}, {@loopback, 0xfffffffd}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x8}, {@private=0xa010101, 0x500a}, {@rand_addr=0x64010100}, {@multicast2, 0x7}]}, @timestamp_addr={0x44, 0x1c, 0x4e, 0x1, 0x1, [{@remote, 0x5}, {@rand_addr=0x64010101, 0x7fff}, {@multicast1}]}, @timestamp_prespec={0x44, 0xc, 0x76, 0x3, 0x2, [{@remote, 0x2}]}, @rr={0x7, 0x13, 0x55, [@empty, @rand_addr=0x64010100, @rand_addr=0x64010102, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @ssrr={0x89, 0x2b, 0x30, [@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, @remote, @loopback, @broadcast, @dev={0xac, 0x14, 0x14, 0x39}, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @noop, @timestamp_prespec={0x44, 0x14, 0xa2, 0x3, 0x0, [{@rand_addr=0x64010101, 0x8}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xe}]}, @rr={0x7, 0x17, 0x68, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @private=0xa010101, @remote]}, @ra={0x94, 0x4, 0x1}]}}}}}) setsockopt$inet_mreqn(r1, 0x0, 0x24, &(0x7f0000000200)={@dev={0xac, 0x14, 0x14, 0x2a}, @dev={0xac, 0x14, 0x14, 0x3c}, r2}, 0xc) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000240)={r0, 0x8000000000000001, 0x6, 0x7}) ioctl$TUNSETIFINDEX(r3, 0x400454da, &(0x7f0000000280)=r2) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000440), 0x4) r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000480)={0xffffffffffffffff, 0x8}, 0xc) r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000005c0)=@bpf_ext={0x1c, 0x8, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xce, 0x0, 0x0, 0x0, 0xd}, [@jmp={0x5, 0x0, 0x0, 0x2, 0x5, 0x80}, @generic={0x61, 0x4, 0x8, 0xb280, 0x4}, @generic={0x8, 0xe, 0x5, 0x1, 0x401}, @cb_func={0x18, 0xa, 0x4, 0x0, 0x3}]}, &(0x7f0000000300)='GPL\x00', 0x5, 0xb6, &(0x7f0000000340)=""/182, 0x40f00, 0x1b, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x7, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x5e73, r4, 0xa, &(0x7f00000004c0)=[r5], &(0x7f0000000500)=[{0x0, 0x3, 0x1}, {0x3, 0x2, 0xa, 0x3}, {0x3, 0x4, 0x7, 0x6}, {0x1, 0x3, 0x1, 0x5}, {0x1, 0x1, 0x4, 0x1}, {0x1, 0x1, 0x7, 0x3}, {0x1, 0x4, 0xe, 0x5}, {0x4, 0x2, 0x3, 0x1}, {0x5, 0x1, 0xe, 0x4}, {0x4, 0x3, 0x5, 0x7}], 0x10, 0x800, @void, @value}, 0x94) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000006c0), r3) sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000800)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000700)={0x94, r7, 0x8, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfffffffc}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x81}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2c000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}]}, @TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x1}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x40}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xa19}]}]}, 0x94}}, 0x2) syz_genetlink_get_family_id$l2tp(&(0x7f0000000840), r3) ioctl$sock_SIOCDELDLCI(r1, 0x8981, &(0x7f0000000880)={'caif0\x00', 0x4}) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000900)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000940)={'batadv0\x00', 0x0}) sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000a80)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000a40)={&(0x7f0000000980)={0xac, 0x0, 0x8, 0x70bd2d, 0x25dfdbfe, {}, [@HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x41e92c36d0ca4e02}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r10 = accept4(r3, &(0x7f0000000ac0)=@tipc, &(0x7f0000000b40)=0x80, 0x0) getsockopt$CAN_RAW_FILTER(r10, 0x65, 0x1, &(0x7f0000000b80)=[{}, {}, {}], &(0x7f0000000bc0)=0x18) r11 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000c40), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'wpan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000cc0)={'wpan4\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000d00)={0x64, r11, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r12}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r13}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x1}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x2a}]}, 0x64}, 0x1, 0x0, 0x0, 0x80}, 0x24000004) r14 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r15 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r15, 0x8933, &(0x7f0000000e00)={'wpan0\x00'}) r16 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e80), r10) ioctl$sock_SIOCGIFINDEX_80211(r14, 0x8933, &(0x7f0000000ec0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r3, &(0x7f0000000f80)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000f40)={&(0x7f0000000f00)={0x34, r16, 0x100, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r17}, @val={0xc, 0x99, {0x3, 0x80}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x34}, 0x1, 0x0, 0x0, 0xcdec4db74f92c36a}, 0x41) 430.375596ms ago: executing program 1 (id=2440): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x6) ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f0000000380)={'veth0_macvtap\x00', {0x2, 0x4e24, @loopback}}) ioctl$SIOCAX25CTLCON(r1, 0x89e8, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000500)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL, @IPSET_ATTR_FAMILY={0xfffffeb7, 0x5, 0xa}, @IPSET_ATTR_FAMILY={0x0, 0x5, 0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x0, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x0, 0x6, 0x1, 0x0, 0x5}, @IPSET_ATTR_IP_TO={0x0, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x0, 0x1, 0x1, 0x0, @private=0xa010102}}, @IPSET_ATTR_HASHSIZE={0x0, 0x12, 0x1, 0x0, 0xc0000}, @IPSET_ATTR_IP={0x0, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x0, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT_TO={0x0, 0x5, 0x1, 0x0, 0x4e20}, @IPSET_ATTR_PORT_TO={0x0, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_NETMASK={0x0, 0x14, 0x2c}]}, @IPSET_ATTR_TYPENAME={0x0, 0x3, 'hash:ip,port\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x2, 0x2, 0x3, 0x1, 0x0, 0x3d}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0xa}, [], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x20, 0x4, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0x8}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x50}, 0x0) r2 = socket(0x11, 0xa, 0x0) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)={0xffffffffffffffc9, 0x2, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x6}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x68}, 0x1, 0x0, 0x0, 0x24000810}, 0x10) ioctl$sock_inet_SIOCGIFDSTADDR(r2, 0x8917, &(0x7f0000000100)={'macvlan0\x00', {0x2, 0x0, @initdev}}) mmap$xdp(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x7, 0x50, r2, 0x80000000) 400.835735ms ago: executing program 4 (id=2441): sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f903", 0x11}], 0x1}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) (rerun: 64) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000001c0)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) r2 = socket(0x10, 0x3, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d00)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRESHEX], 0x24}}, 0x0) (async) recvmmsg$unix(r2, &(0x7f0000001380)=[{{0x0, 0x0, &(0x7f0000002880)=[{&(0x7f0000000640)=""/249, 0xf9}, {&(0x7f0000001840)=""/4106, 0x100a}, {&(0x7f0000000500)=""/17, 0x11}, {&(0x7f00000007c0)=""/109, 0x6d}, {&(0x7f0000001040)=""/213, 0xd5}, {&(0x7f00000014c0)=""/204, 0xcc}, {&(0x7f00000002c0)=""/53, 0x35}, {&(0x7f00000015c0)=""/210, 0xd2}], 0x8}}], 0x1, 0x0, 0x0) (async) write(r2, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14) (async) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000000200)) (async) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'gretap0\x00'}) (async) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) (async) ioctl$TUNATTACHFILTER(r5, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) (async) ioctl$TUNGETIFF(r5, 0x800454d2, &(0x7f0000000500)={'bridge0\x00'}) (async) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x5, &(0x7f0000000180)=0x9046, 0x4) (async) recvfrom$llc(r2, &(0x7f0000000540)=""/239, 0xef, 0x40010010, &(0x7f0000000300)={0x1a, 0x30b, 0x80, 0x4, 0x3, 0x28, @broadcast}, 0x10) (async, rerun: 64) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (rerun: 64) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) (async) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000003a00), r7) sendmsg$NLBL_CALIPSO_C_REMOVE(r7, &(0x7f0000003ac0)={0x0, 0x0, &(0x7f0000003a80)={&(0x7f0000003a40)=ANY=[@ANYBLOB="64cd92f1", @ANYRES16=r8, @ANYBLOB="010026bd7000fcdbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x4014000}, 0x800) ioctl$sock_netdev_private(r6, 0x8914, &(0x7f0000000000)) (async, rerun: 32) ioctl$sock_netrom_SIOCADDRT(r3, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]}) (async, rerun: 32) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000000a0601010000000001000000000000000500010007000000"], 0x1c}}, 0x0) (async) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) (async, rerun: 32) ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000)) (rerun: 32) 132.627111ms ago: executing program 3 (id=2442): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x30, r1, 0x5, 0xffffffff, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="8b"}, @NL80211_ATTR_PREV_BSSID={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x488c0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071120900000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 106.620408ms ago: executing program 4 (id=2443): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x890}, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100)=@newqdisc={0x24}, 0x24}}, 0x24080841) recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000500)=""/229, 0xe5}, {&(0x7f0000000840)=""/127, 0x7f}], 0x2}}], 0x1, 0x60, 0x0) socket(0x18, 0x3, 0x59b86141) 0s ago: executing program 4 (id=2444): socket$inet6(0xa, 0x1, 0x100) (async, rerun: 32) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000000c0)="6880a642beaf34317f0dd3122a90ad0d2b", 0x11}], 0x1}, 0x0) (rerun: 32) r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x3c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_OTHER_COUNT={0x8}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}]}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x29}]}, 0x3c}}, 0x0) (async) r2 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r2, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb97}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600) sendmsg$kcm(r2, &(0x7f0000001480)={&(0x7f0000000100)=@nl=@kern={0x10, 0x0, 0x0, 0x40000}, 0x80, &(0x7f0000001440)=[{&(0x7f00000012c0)="fbdb9117f745b176b82d8dbe572e810cda808b82cda50fadfa218cfafebebf2f96ffe3962e7b6e2628e74c389ee1fae8b354018ff675bb4e8ed337c937b3ef0cc99175952b42642b1ce57dcfb978ea7ef91706874464ae3a5889ddcc44301ad02268980eb009e1b2e97cfc7aea310cb51cee14874e7afcb041acec9fd1d1c8d7224c87c4aabed4c5b468484092fa10c8c1e8d94f670b84f33bdd578bfdfcab98e84113ba6e4f56860a87c8bc6dedf1ded802a78c6d9dd4fac2b46b474d3d9aad2c506b854c1f1ef39d261cb872d395a46d68b19d9fdec23a5ae76c259198294023ecd091", 0xe4}, {&(0x7f00000013c0)="8cb0a735d236ba236167f1b2fd63d7d36547f02e68e87e945296f7760b74e33c33eacab785083ae753cadcde8c1cd3ffde15c54f0d345ab42cea4208bdeb5a2db1e64761fee2486043a60ea2ad26f79b52b4a5f49b19300e914e727c04b7b0e3d77d9fcd2bc7bb782c", 0x69}, {&(0x7f0000000180)="8ecb5e785c80eeb63747e88b6ac7b0f9f70df8f8d71c211b4e4359f3b1250f24105a4027e7eff31aa4eb6dcd2e063bc8e223e19b0cd60eae045d70a7", 0x3c}], 0x3, &(0x7f0000001880)=[{0x58, 0x1, 0x2, "6990aed9ab117e745f712f80d690e84fa427a989fb31040deb1604ac612ae1d45bbcd1f786bfc9b97909251fcf92736bd15a17c1518749203eae555b2fd82b7d68"}, {0x68, 0x3a, 0x1, "6ab3b92fca3bc4bd8f5af88d9dd444b71782f975c337132d0b2f355600a6bba46f966544d1781956f5ce4956af473e961ef3ea61af8b2ca4eace7b0a73fab3499dd624ef8da3708cf5759d5be7cfe7d1a3e8"}, {0x30, 0x10e, 0x3ff, "f4c3a2be6f79f89f7307794b33d47cd530890eac0e66c9f465"}, {0xb8, 0x1, 0x5, "1b1a0d028889b008a6528bc86650cf3c2bb886e555818307cbbe58de302ae00dd8e5b84c7c71079aa7851baef85dae5acc963456edb4513a3f80569d7baf70f97f8599ab7efb14aa8c256952e16a528c633ad5345fa5ea468b5c6612b5ed0e1780a62d85a819d2478e6338deebd438dbb4fdcb6adf833a6098884a3248960d2fb77a654af29c04cd3331752fd9743a82eb3728b69c685d9f1a0a7218b2da3664bc1074aeda387fa1"}, {0x110, 0x108, 0x6ff, "6236fbf44e2600d178db5786412455e40dba4b9b6de71cd54e7e5ac1c35d94ed5c6650594ba6bb37ead8a196e125540175525f45cb4148b804bf7b27c7a9604b6a50e6066706d45bebf6d81be1681af5dfa8f3101d21cace8c3a5aa7fe626d452f9852b6cc4a271b1bf5c3d745e89576a3f4000c826f3bb6adc9ad389fa1307964a4442973e4940a794c6591147ebfc0b4644b314d784f7598d08c48c2df8c5ca40b38bae7659139d15d6c314ea7a36365e0b229af3e021f8cfcbc1bdd16d5fccd2c2b20d82f79a7c7d01596206c85a4133a765387c9a01965494e9847283ff6031a792da460f6056a5d8a2613e1b1b2ce6d6b8b300e1e7adcbb"}, {0xf8, 0x10b, 0xb1b, "aa2a802953575b0e0082ab573aa2a38130a9a458bf259bd7189e867c7174c051cf8f7d48958681edefe6ea04259e03be3d305f9cd8aa0e318436cc5305016fb0df1e4990f4411d9e2f94c0ff2e44fe25c8464ca664478552e870e91ceec367bfa1f27bc7fd188a57e2e38b80219d9eed0f8d48ee6997f4c7f05ede4b5e1708892f7a4f881db29740a481deef78fef0b9c59487f974f7dd7225aa079612ce6a1e426e41eba655c568160cadb28b46b0cce1080d8924b733fd25e66dac71818e6e2cff99d5a2d32a93460467d4b13c8628d656219caccb765a3af54d7af6aa24444f8a5ec8d4"}, {0x108, 0x117, 0x0, "426057f7c0c4fc4840579c14f9c8f243c40c88f43cb0eefe8a8607e18f9b53c45eb9e20534261fc23a913be343df84d5ec183dd95bd225708d741c6bbaade7a499c60a116880be3c1d564c85050e97b6b59874951cac4d58e96903d7a8a0ccdc07bd9ca146d441f018016690b44e5444cf9da39dd3e7889d6960a3bc858ad5e03d0d1f4d3d8b5bad78b44933e5cbc859d6d8e82fdecf8fecf53c42bd24179f5fc18deff5774fc713e2abf467e4577ed34ba5bc6ca3dadc11d252cd9d17b4339938ab7dc8e8ea09c30b97ae5f637fd56dcbe7d7cbe5ce0d4ca9a119e6792ee0bc441bf5add2744304a4f7ea48914795d091a123bcb3b02a"}, {0x30, 0x107, 0x400, "16a78bb3be504b4644688f04293013bec4280f6b9faba6384f3da806f46250"}], 0x4e8}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0xe, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000020000000bca30000000000002403000040feffff720af0ff0000000071a4f0ff000000001f030000000000002e0a0200000000002600000000ff000e61146800000000001d430000000000007a0a00fe00581c1f6114520000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fdb6153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff46248843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae543d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80aba439772bf60a1db18c472dafc5569adc2c406f39f82928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08a1a4b94cb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f1d2156befec432e8e993c79027b7ef285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdc0500000000000000b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb87d9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e28488b0522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b669615f2710eb8df39fc8c04d2c9c196fa6facfea613569a35cde6451f2edf55ce25c7d72ec7ea85a92458c0559ca3a94727d495bd4671a55a70bc544d71d8e0257707a31936f1adf224077310a86bf447ec92c650acca8c6b0721020894b06178c32f4472d17174d6eb2b067030c5d2c12583f46d2da7fba42d4083259c7cdc8bf1f4299c248865d3c809356c3ed"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async, rerun: 32) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x8}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x8, 0x9}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {}, {0x18, 0x8, 0x2, 0x0, r3}, {}, {0x46, 0x0, 0x0, 0x76}}], {{}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = socket$nl_route(0x10, 0x3, 0x0) connect$netlink(r5, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfd, 0x20}, 0xc) (async, rerun: 32) r6 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 32) sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xcc, 0x30, 0xffff, 0x0, 0x0, {}, [{0xb8, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x8}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xcc}}, 0x0) kernel console output (not intermixed with test programs): 07] bridge0: port 3(dummy0) entered disabled state [ 216.498745][T10907] dummy0: entered allmulticast mode [ 216.524201][T10907] bridge0: port 3(dummy0) entered blocking state [ 216.530781][T10907] bridge0: port 3(dummy0) entered forwarding state [ 216.640570][T10905] syz_tun: left allmulticast mode [ 216.815005][T10920] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1834'. [ 216.934697][T10921] netlink: 'syz.4.1835': attribute type 34 has an invalid length. [ 217.028990][T10927] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1837'. [ 217.053974][T10928] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1838'. [ 217.090615][T10931] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 217.875505][T10969] netlink: 'syz.2.1853': attribute type 72 has an invalid length. [ 217.885393][T10969] netlink: 'syz.2.1853': attribute type 8 has an invalid length. [ 218.099065][T10983] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 218.518887][T11010] netlink: 'syz.4.1865': attribute type 72 has an invalid length. [ 218.522841][T11008] xt_l2tp: invalid flags combination: c [ 218.535904][T11010] netlink: 'syz.4.1865': attribute type 8 has an invalid length. [ 218.842505][T11021] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 218.884619][T11021] dvmrp0: entered allmulticast mode [ 219.210757][T11046] nbd: couldn't find device at index 677183552 [ 219.990311][ T8891] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.101794][ T8891] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.205857][ T8891] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.338770][ T8891] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.766977][T11102] netlink: 'syz.4.1898': attribute type 1 has an invalid length. [ 220.815967][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 220.825007][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 220.838432][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 220.846948][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 220.856290][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 221.233685][ T8891] dvmrp0 (unregistering): left allmulticast mode [ 221.366644][ T8891] bond0 (unregistering): Released all slaves [ 221.382542][ T8891] bond1 (unregistering): Released all slaves [ 221.485827][ T8891] tipc: Disabling bearer [ 221.500847][ T8891] tipc: Left network mode [ 221.825336][T11138] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 221.869666][T11140] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 221.962775][T11145] __nla_validate_parse: 13 callbacks suppressed [ 221.962795][T11145] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1907'. [ 222.088112][T11150] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1909'. [ 222.236892][T11148] syzkaller1: entered promiscuous mode [ 222.244243][T11148] syzkaller1: entered allmulticast mode [ 222.551333][T11164] tipc: Enabled bearer , priority 0 [ 222.614319][T11162] tipc: Disabling bearer [ 222.667042][ T8891] hsr_slave_0: left promiscuous mode [ 222.680555][ T8891] hsr_slave_1: left promiscuous mode [ 222.713432][ T8891] veth1_macvtap: left promiscuous mode [ 222.727604][ T8891] veth0_macvtap: left promiscuous mode [ 222.739253][ T8891] veth1_vlan: left promiscuous mode [ 222.750232][ T8891] veth0_vlan: left promiscuous mode [ 222.917875][ T5832] Bluetooth: hci2: command tx timeout [ 223.027513][T11175] netlink: 'syz.3.1916': attribute type 39 has an invalid length. [ 223.088280][T11180] FAULT_INJECTION: forcing a failure. [ 223.088280][T11180] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 223.111465][T11180] CPU: 1 UID: 0 PID: 11180 Comm: syz.4.1918 Not tainted 6.15.0-rc6-syzkaller-00168-g239af1970bcb #0 PREEMPT(full) [ 223.111494][T11180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 223.111508][T11180] Call Trace: [ 223.111516][T11180] [ 223.111525][T11180] dump_stack_lvl+0x189/0x250 [ 223.111559][T11180] ? __lock_acquire+0xaac/0xd20 [ 223.111614][T11180] ? __pfx_dump_stack_lvl+0x10/0x10 [ 223.111646][T11180] ? __pfx__printk+0x10/0x10 [ 223.111668][T11180] ? __might_fault+0xb0/0x130 [ 223.111710][T11180] should_fail_ex+0x414/0x560 [ 223.111738][T11180] _copy_from_user+0x2d/0xb0 [ 223.111770][T11180] kstrtouint_from_user+0xc4/0x170 [ 223.111800][T11180] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 223.111846][T11180] proc_fail_nth_write+0x88/0x240 [ 223.111878][T11180] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 223.111916][T11180] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 223.111958][T11180] vfs_write+0x27b/0xa90 [ 223.111994][T11180] ? __pfx_vfs_write+0x10/0x10 [ 223.112022][T11180] ? __fget_files+0x2a/0x420 [ 223.112057][T11180] ? __fget_files+0x3a0/0x420 [ 223.112085][T11180] ? __fget_files+0x2a/0x420 [ 223.112125][T11180] ksys_write+0x145/0x250 [ 223.112148][T11180] ? rcu_is_watching+0x15/0xb0 [ 223.112170][T11180] ? __pfx_ksys_write+0x10/0x10 [ 223.112200][T11180] ? do_syscall_64+0xba/0x210 [ 223.112234][T11180] do_syscall_64+0xf6/0x210 [ 223.112263][T11180] ? clear_bhb_loop+0x60/0xb0 [ 223.112290][T11180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.112311][T11180] RIP: 0033:0x7fa1ab58d41f [ 223.112329][T11180] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 223.112348][T11180] RSP: 002b:00007fa1ac3c5030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 223.112370][T11180] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa1ab58d41f [ 223.112385][T11180] RDX: 0000000000000001 RSI: 00007fa1ac3c50a0 RDI: 0000000000000004 [ 223.112398][T11180] RBP: 00007fa1ac3c5090 R08: 0000000000000000 R09: 0000000000000000 [ 223.112411][T11180] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 223.112423][T11180] R13: 0000000000000000 R14: 00007fa1ab7b5fa0 R15: 00007ffc6d9dd818 [ 223.112458][T11180] [ 223.378530][T11183] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1919'. [ 223.473150][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 223.481942][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 223.491492][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 223.503785][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 223.511849][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 223.908576][T11198] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1923'. [ 224.350669][T11201] netlink: 'syz.4.1924': attribute type 9 has an invalid length. [ 224.361455][T11201] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1924'. [ 224.382301][T11204] tipc: Started in network mode [ 224.393491][T11204] tipc: Node identity de09604d5c87, cluster identity 4711 [ 224.428426][T11204] tipc: Enabled bearer , priority 0 [ 224.505197][T11203] tipc: Disabling bearer [ 224.542216][T11209] netlink: 'syz.4.1926': attribute type 34 has an invalid length. [ 224.564364][T11104] chnl_net:caif_netlink_parms(): no params data found [ 224.592637][ T8891] IPVS: stop unused estimator thread 0... [ 224.827032][T11221] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1930'. [ 225.000244][ T55] Bluetooth: hci2: command tx timeout [ 225.043930][T11104] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.051766][T11104] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.059281][T11104] bridge_slave_0: entered allmulticast mode [ 225.071366][T11104] bridge_slave_0: entered promiscuous mode [ 225.156730][T11239] netlink: 'syz.4.1934': attribute type 2 has an invalid length. [ 225.215223][T11104] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.230629][T11104] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.247813][T11104] bridge_slave_1: entered allmulticast mode [ 225.261547][T11104] bridge_slave_1: entered promiscuous mode [ 225.391428][T11187] chnl_net:caif_netlink_parms(): no params data found [ 225.410046][T11104] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 225.424968][T11104] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 225.557628][ T55] Bluetooth: hci3: command tx timeout [ 225.616137][T11104] team0: Port device team_slave_0 added [ 225.625158][T11257] tipc: Enabled bearer , priority 0 [ 225.659480][T11104] team0: Port device team_slave_1 added [ 225.682383][T11250] tipc: Disabling bearer [ 225.940439][T11104] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 225.962415][T11104] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.018382][T11104] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 226.080531][T11104] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 226.099370][T11104] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.153689][T11104] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 226.272884][T11187] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.289543][T11187] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.310806][T11187] bridge_slave_0: entered allmulticast mode [ 226.330368][T11187] bridge_slave_0: entered promiscuous mode [ 226.344200][T11287] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1943'. [ 226.409588][T11187] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.457542][T11187] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.470837][T11187] bridge_slave_1: entered allmulticast mode [ 226.490038][T11187] bridge_slave_1: entered promiscuous mode [ 226.556074][T11301] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 226.579375][T11303] FAULT_INJECTION: forcing a failure. [ 226.579375][T11303] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 226.598722][T11303] CPU: 0 UID: 0 PID: 11303 Comm: syz.4.1950 Not tainted 6.15.0-rc6-syzkaller-00168-g239af1970bcb #0 PREEMPT(full) [ 226.598748][T11303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 226.598761][T11303] Call Trace: [ 226.598768][T11303] [ 226.598776][T11303] dump_stack_lvl+0x189/0x250 [ 226.598808][T11303] ? __lock_acquire+0xaac/0xd20 [ 226.598839][T11303] ? __pfx_dump_stack_lvl+0x10/0x10 [ 226.598867][T11303] ? __pfx__printk+0x10/0x10 [ 226.598886][T11303] ? __might_fault+0xb0/0x130 [ 226.598924][T11303] should_fail_ex+0x414/0x560 [ 226.598949][T11303] _copy_from_user+0x2d/0xb0 [ 226.598977][T11303] ___sys_sendmsg+0x158/0x2a0 [ 226.599007][T11303] ? __pfx____sys_sendmsg+0x10/0x10 [ 226.599070][T11303] ? __fget_files+0x2a/0x420 [ 226.599096][T11303] ? __fget_files+0x3a0/0x420 [ 226.599132][T11303] __x64_sys_sendmsg+0x19b/0x260 [ 226.599162][T11303] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 226.599205][T11303] ? do_syscall_64+0xba/0x210 [ 226.599235][T11303] do_syscall_64+0xf6/0x210 [ 226.599262][T11303] ? clear_bhb_loop+0x60/0xb0 [ 226.599286][T11303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.599305][T11303] RIP: 0033:0x7fa1ab58e969 [ 226.599321][T11303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.599338][T11303] RSP: 002b:00007fa1ac3c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 226.599358][T11303] RAX: ffffffffffffffda RBX: 00007fa1ab7b5fa0 RCX: 00007fa1ab58e969 [ 226.599372][T11303] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 226.599384][T11303] RBP: 00007fa1ac3c5090 R08: 0000000000000000 R09: 0000000000000000 [ 226.599397][T11303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 226.599407][T11303] R13: 0000000000000000 R14: 00007fa1ab7b5fa0 R15: 00007ffc6d9dd818 [ 226.599444][T11303] [ 226.864882][T11104] hsr_slave_0: entered promiscuous mode [ 226.871853][T11104] hsr_slave_1: entered promiscuous mode [ 226.925648][T11187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 226.943802][T11187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.040010][T11187] team0: Port device team_slave_0 added [ 227.066274][T11187] team0: Port device team_slave_1 added [ 227.077271][ T55] Bluetooth: hci2: command tx timeout [ 227.103139][ T8891] gretap1: left allmulticast mode [ 227.113307][ T8891] gretap1: left promiscuous mode [ 227.120760][ T8891] bridge0: port 3(gretap1) entered disabled state [ 227.144800][ T8891] bridge_slave_1: left allmulticast mode [ 227.154395][ T8891] bridge_slave_1: left promiscuous mode [ 227.161373][ T8891] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.173406][ T8891] bridge_slave_0: left allmulticast mode [ 227.179244][ T8891] bridge_slave_0: left promiscuous mode [ 227.184927][ T8891] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.523108][ T8891] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 227.533610][ T8891] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 227.546058][ T8891] bond0 (unregistering): Released all slaves [ 227.563134][ T8891] bond1 (unregistering): Released all slaves [ 227.637269][ T55] Bluetooth: hci3: command tx timeout [ 227.656459][ T8891] bond2 (unregistering): Released all slaves [ 227.672041][ T8891] bond3 (unregistering): Released all slaves [ 227.722432][T11323] tipc: Enabled bearer , priority 0 [ 227.753880][T11187] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 227.767381][T11187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 227.800574][T11187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 227.814183][ T8891] tipc: Left network mode [ 227.863935][T11321] tipc: Disabling bearer [ 227.874417][T11187] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 227.882104][T11187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 227.909984][T11187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 228.227204][T11342] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1959'. [ 228.314918][T11187] hsr_slave_0: entered promiscuous mode [ 228.332058][T11187] hsr_slave_1: entered promiscuous mode [ 228.341966][T11187] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 228.353517][T11187] Cannot create hsr debugfs directory [ 228.408014][T11342] bridge_slave_1: left promiscuous mode [ 228.413846][T11342] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.424597][T11342] bridge_slave_0: left allmulticast mode [ 228.430892][T11342] bridge_slave_0: left promiscuous mode [ 228.436669][T11342] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.594371][T11350] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 228.674245][T11346] openvswitch: netlink: ct_state flags 800c002c unsupported [ 228.736808][T11355] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1962'. [ 228.906028][T11355] macsec0: entered promiscuous mode [ 228.922151][T11361] netlink: 'syz.4.1962': attribute type 5 has an invalid length. [ 228.971796][ T8891] batadv0: left promiscuous mode [ 228.979762][ T8891] team0: left promiscuous mode [ 228.984663][ T8891] team_slave_0: left promiscuous mode [ 228.993768][ T8891] team_slave_1: left promiscuous mode [ 229.010574][ T8891] hsr_slave_0: left promiscuous mode [ 229.016943][ T8891] hsr_slave_1: left promiscuous mode [ 229.024368][ T8891] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 229.037035][ T8891] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 229.157229][ T55] Bluetooth: hci2: command tx timeout [ 229.272828][ T8891] team_slave_1 (unregistering): left allmulticast mode [ 229.286292][ T8891] team0 (unregistering): Port device team_slave_1 removed [ 229.320267][ T8891] team_slave_0 (unregistering): left allmulticast mode [ 229.331579][ T8891] team0 (unregistering): Port device team_slave_0 removed [ 229.342386][ T8877] smc: removing ib device syz2 [ 229.719107][ T55] Bluetooth: hci3: command tx timeout [ 230.071128][T11381] tipc: Enabled bearer , priority 0 [ 230.156391][T11374] tipc: Disabling bearer [ 230.335342][T11388] batman_adv: batadv0: Adding interface: gretap3 [ 230.342002][T11388] batman_adv: batadv0: Not using interface gretap3 (retrying later): interface not active [ 230.523203][T11104] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 230.578264][T11104] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 230.660227][T11104] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 230.700508][T11104] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 230.991039][T11408] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1977'. [ 231.022164][T11408] netlink: 'syz.4.1977': attribute type 2 has an invalid length. [ 231.084451][T11104] 8021q: adding VLAN 0 to HW filter on device bond0 [ 231.133628][T11104] 8021q: adding VLAN 0 to HW filter on device team0 [ 231.262506][ T3460] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.269717][ T3460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 231.382577][ T3460] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.389808][ T3460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 231.510498][ T8891] IPVS: stop unused estimator thread 0... [ 231.567051][T11187] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 231.669408][T11187] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 231.703967][T11187] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 231.804413][ T55] Bluetooth: hci3: command tx timeout [ 231.817552][T11187] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 232.007983][T11187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.036850][T11187] 8021q: adding VLAN 0 to HW filter on device team0 [ 232.079100][ T8877] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.086265][ T8877] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.132066][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.139246][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.167705][T11431] Set syz0 is full, maxelem 0 reached [ 232.246143][T11104] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 232.362995][T11104] veth0_vlan: entered promiscuous mode [ 232.392112][T11104] veth1_vlan: entered promiscuous mode [ 232.464185][T11104] veth0_macvtap: entered promiscuous mode [ 232.475846][T11104] veth1_macvtap: entered promiscuous mode [ 232.521715][T11104] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 232.573434][T11104] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 232.608853][T11104] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.637336][T11104] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.651214][T11104] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.662990][T11104] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.745307][T11187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 232.869249][ T8893] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.880069][ T8893] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 232.890828][T11187] veth0_vlan: entered promiscuous mode [ 232.942826][T11187] veth1_vlan: entered promiscuous mode [ 232.962024][ T8893] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.975903][ T8893] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 233.009950][T11187] veth0_macvtap: entered promiscuous mode [ 233.036552][T11187] veth1_macvtap: entered promiscuous mode [ 233.083269][T11187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 233.126977][T11187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 233.201252][T11187] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.215070][T11187] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.228647][T11187] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.240212][T11187] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.253448][T11463] tipc: Enabled bearer , priority 0 [ 233.261996][T11463] syzkaller0: entered promiscuous mode [ 233.267862][T11463] syzkaller0: entered allmulticast mode [ 233.290939][T11463] tipc: Resetting bearer [ 233.308218][T11462] tipc: Resetting bearer [ 233.331752][T11462] tipc: Disabling bearer [ 233.362154][T11467] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1994'. [ 233.391818][T11467] netlink: 'syz.4.1994': attribute type 28 has an invalid length. [ 233.400693][T11467] netlink: 'syz.4.1994': attribute type 3 has an invalid length. [ 233.408988][T11467] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1994'. [ 233.430467][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 233.447299][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 233.512368][ T3460] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 233.527676][ T3460] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 233.545264][T11471] syzkaller1: entered allmulticast mode [ 233.566783][T11473] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1996'. [ 233.827525][T11482] Set syz0 is full, maxelem 0 reached [ 233.894372][ T8891] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.298314][ T8891] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.351706][T11497] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2004'. [ 234.443191][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 234.456710][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 234.464780][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 234.477415][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 234.492263][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 234.494744][ T8891] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.618850][ T8891] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.837085][ T8891] bridge_slave_1: left allmulticast mode [ 234.872129][ T8891] bridge_slave_1: left promiscuous mode [ 234.882988][ T8891] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.944803][ T8891] bridge_slave_0: left allmulticast mode [ 234.951896][ T8891] bridge_slave_0: left promiscuous mode [ 234.967451][ T8891] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.999192][T11508] FAULT_INJECTION: forcing a failure. [ 234.999192][T11508] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 235.035026][T11508] CPU: 1 UID: 0 PID: 11508 Comm: syz.3.2006 Not tainted 6.15.0-rc6-syzkaller-00168-g239af1970bcb #0 PREEMPT(full) [ 235.035053][T11508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 235.035065][T11508] Call Trace: [ 235.035073][T11508] [ 235.035089][T11508] dump_stack_lvl+0x189/0x250 [ 235.035142][T11508] ? __lock_acquire+0xaac/0xd20 [ 235.035175][T11508] ? __pfx_dump_stack_lvl+0x10/0x10 [ 235.035205][T11508] ? __pfx__printk+0x10/0x10 [ 235.035227][T11508] ? __might_fault+0xb0/0x130 [ 235.035267][T11508] should_fail_ex+0x414/0x560 [ 235.035295][T11508] _copy_from_iter+0x1db/0x15a0 [ 235.035323][T11508] ? __alloc_frozen_pages_noprof+0x1d6/0x370 [ 235.035354][T11508] ? __pfx__copy_from_iter+0x10/0x10 [ 235.035382][T11508] ? policy_nodemask+0x27c/0x720 [ 235.035409][T11508] ? aa_file_perm+0x11f/0xed0 [ 235.035442][T11508] ? page_copy_sane+0x4e/0x280 [ 235.035470][T11508] copy_page_from_iter+0x7b/0x100 [ 235.035501][T11508] anon_pipe_write+0x99a/0x1360 [ 235.035556][T11508] ? __pfx_anon_pipe_write+0x10/0x10 [ 235.035584][T11508] ? common_file_perm+0x199/0x200 [ 235.035612][T11508] ? bpf_lsm_file_permission+0x9/0x20 [ 235.035639][T11508] ? security_file_permission+0x75/0x290 [ 235.035682][T11508] vfs_write+0x548/0xa90 [ 235.035712][T11508] ? __pfx_anon_pipe_write+0x10/0x10 [ 235.035742][T11508] ? __pfx_vfs_write+0x10/0x10 [ 235.035778][T11508] ? __fget_files+0x2a/0x420 [ 235.035818][T11508] ksys_write+0x145/0x250 [ 235.035853][T11508] ? rcu_is_watching+0x15/0xb0 [ 235.035903][T11508] ? __pfx_ksys_write+0x10/0x10 [ 235.035934][T11508] ? do_syscall_64+0xba/0x210 [ 235.035969][T11508] do_syscall_64+0xf6/0x210 [ 235.035999][T11508] ? clear_bhb_loop+0x60/0xb0 [ 235.036026][T11508] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.036047][T11508] RIP: 0033:0x7fed80f8e969 [ 235.036066][T11508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.036093][T11508] RSP: 002b:00007fed81ded038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 235.036117][T11508] RAX: ffffffffffffffda RBX: 00007fed811b6080 RCX: 00007fed80f8e969 [ 235.036133][T11508] RDX: 0000000000010448 RSI: 0000200000003100 RDI: 0000000000000006 [ 235.036147][T11508] RBP: 00007fed81ded090 R08: 0000000000000000 R09: 0000000000000000 [ 235.036160][T11508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 235.036172][T11508] R13: 0000000000000000 R14: 00007fed811b6080 R15: 00007ffd2b0a0e98 [ 235.036205][T11508] [ 235.486433][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 235.505795][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 235.517064][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 235.529407][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 235.538234][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 235.743685][ T8891] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 235.756986][ T8891] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 235.767659][ T8891] bond0 (unregistering): Released all slaves [ 235.863097][T11498] chnl_net:caif_netlink_parms(): no params data found [ 236.600242][ T55] Bluetooth: hci2: command tx timeout [ 237.187854][T11532] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2011'. [ 237.220124][ T8891] hsr_slave_0: left promiscuous mode [ 237.239189][T11536] Set syz0 is full, maxelem 0 reached [ 237.244778][ T8891] hsr_slave_1: left promiscuous mode [ 237.254868][ T8891] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 237.268370][ T8891] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 237.277882][ T8891] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 237.285399][ T8891] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 237.293406][T11538] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2013'. [ 237.313859][ T8891] veth1_macvtap: left promiscuous mode [ 237.320402][ T8891] veth0_macvtap: left promiscuous mode [ 237.326878][ T8891] veth1_vlan: left promiscuous mode [ 237.332443][ T8891] veth0_vlan: left promiscuous mode [ 237.638622][ T55] Bluetooth: hci3: command tx timeout [ 237.994257][ T8891] team0 (unregistering): Port device team_slave_1 removed [ 238.036438][ T8891] team0 (unregistering): Port device team_slave_0 removed [ 238.460887][T11544] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 238.496865][T11498] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.514736][T11498] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.552093][T11498] bridge_slave_0: entered allmulticast mode [ 238.573163][T11498] bridge_slave_0: entered promiscuous mode [ 238.615083][T11498] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.626624][T11498] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.634559][T11498] bridge_slave_1: entered allmulticast mode [ 238.642698][T11498] bridge_slave_1: entered promiscuous mode [ 238.664297][T11561] batadv0: Device is already in use. [ 238.673357][T11563] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 238.677617][ T55] Bluetooth: hci2: command tx timeout [ 238.715923][T11564] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 238.745573][T11498] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 238.760834][T11498] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 238.859993][T11498] team0: Port device team_slave_0 added [ 238.872308][T11498] team0: Port device team_slave_1 added [ 238.969887][T11498] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 238.976981][T11498] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.011345][T11498] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 239.032138][T11498] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 239.047240][T11498] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.073972][T11498] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 239.112342][T11522] chnl_net:caif_netlink_parms(): no params data found [ 239.255380][ T8891] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.290465][T11498] hsr_slave_0: entered promiscuous mode [ 239.297025][T11498] hsr_slave_1: entered promiscuous mode [ 239.430714][ T8891] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.461526][T11582] netlink: 'syz.4.2025': attribute type 2 has an invalid length. [ 239.478472][T11582] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2025'. [ 239.513908][T11582] netlink: 'syz.4.2025': attribute type 1 has an invalid length. [ 239.530064][T11582] netlink: 204 bytes leftover after parsing attributes in process `syz.4.2025'. [ 239.580628][ T8891] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.611955][T11588] openvswitch: netlink: Key type 790 is out of range max 32 [ 239.625217][T11522] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.634282][T11522] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.645287][T11522] bridge_slave_0: entered allmulticast mode [ 239.659543][T11522] bridge_slave_0: entered promiscuous mode [ 239.718069][ T55] Bluetooth: hci3: command tx timeout [ 239.752051][T11591] x_tables: duplicate underflow at hook 3 [ 239.774307][ T8891] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.804504][T11522] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.818656][T11522] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.826414][T11522] bridge_slave_1: entered allmulticast mode [ 239.834625][T11522] bridge_slave_1: entered promiscuous mode [ 239.984870][T11522] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 240.026062][T11522] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 240.096866][T11602] Unsupported ieee802154 address type: 0 [ 240.112600][T11602] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2030'. [ 240.146732][T11522] team0: Port device team_slave_0 added [ 240.163185][T11522] team0: Port device team_slave_1 added [ 240.201148][T11610] openvswitch: netlink: Key 22 has unexpected len 2 expected 4 [ 240.290474][T11614] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2035'. [ 240.428771][T11522] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 240.435871][T11522] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.462259][T11522] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 240.483707][T11522] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 240.490778][T11522] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.517627][T11522] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 240.542606][T11619] ipip0: entered promiscuous mode [ 240.567924][T11614] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2035'. [ 240.679918][T11522] hsr_slave_0: entered promiscuous mode [ 240.686683][T11522] hsr_slave_1: entered promiscuous mode [ 240.694608][T11522] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 240.696369][T11622] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 240.702240][T11522] Cannot create hsr debugfs directory [ 240.702667][ T8891] bridge_slave_1: left allmulticast mode [ 240.702718][ T8891] bridge_slave_1: left promiscuous mode [ 240.702924][ T8891] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.743931][ T8891] bridge_slave_0: left allmulticast mode [ 240.751808][ T8891] bridge_slave_0: left promiscuous mode [ 240.757833][ T55] Bluetooth: hci2: command tx timeout [ 240.764402][ T8891] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.857749][T11627] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2042'. [ 240.876592][T11630] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2041'. [ 241.142411][ T8891] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 241.153867][ T8891] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 241.164929][ T8891] bond0 (unregistering): Released all slaves [ 241.413183][T11638] 8021q: adding VLAN 0 to HW filter on device ipvlan0 [ 241.689345][T11658] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2050'. [ 241.798815][ T55] Bluetooth: hci3: command tx timeout [ 241.858595][T11658] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2050'. [ 241.883954][ T8891] hsr_slave_0: left promiscuous mode [ 241.891564][ T8891] hsr_slave_1: left promiscuous mode [ 241.897736][ T8891] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 241.905448][ T8891] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 241.924701][ T8891] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 241.932953][ T8891] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 241.983289][ T8891] veth1_macvtap: left promiscuous mode [ 241.992227][ T8891] veth0_macvtap: left promiscuous mode [ 241.998111][ T8891] veth1_vlan: left promiscuous mode [ 242.003520][ T8891] veth0_vlan: left promiscuous mode [ 242.465126][ T8891] team0 (unregistering): Port device team_slave_1 removed [ 242.500258][ T8891] team0 (unregistering): Port device team_slave_0 removed [ 242.837958][ T55] Bluetooth: hci2: command tx timeout [ 242.936779][T11675] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2054'. [ 243.019555][T11498] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 243.072620][T11498] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 243.165330][T11686] Set syz0 is full, maxelem 0 reached [ 243.251263][T11688] netlink: 'syz.3.2059': attribute type 1 has an invalid length. [ 243.293889][T11498] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 243.359329][T11498] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 243.692919][T11498] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.786586][T11498] 8021q: adding VLAN 0 to HW filter on device team0 [ 243.842570][ T8889] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.850620][ T8889] bridge0: port 1(bridge_slave_0) entered forwarding state [ 243.880726][ T55] Bluetooth: hci3: command tx timeout [ 243.897325][T11522] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 243.938686][T11522] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 243.981274][T11522] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 243.996789][ T8889] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.004056][ T8889] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.032880][T11522] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 244.352477][T11522] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.402381][T11522] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.417606][T11720] netlink: zone id is out of range [ 244.430993][T11720] netlink: zone id is out of range [ 244.444568][ T8891] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.451816][ T8891] bridge0: port 1(bridge_slave_0) entered forwarding state [ 244.453527][T11720] netlink: zone id is out of range [ 244.475498][T11720] netlink: zone id is out of range [ 244.483583][ T3460] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.490810][ T3460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.514214][T11720] netlink: zone id is out of range [ 244.521900][T11720] netlink: zone id is out of range [ 244.685225][T11498] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 244.788788][T11735] netlink: 'syz.4.2073': attribute type 4 has an invalid length. [ 244.884991][T11498] veth0_vlan: entered promiscuous mode [ 244.950210][T11498] veth1_vlan: entered promiscuous mode [ 245.072819][T11498] veth0_macvtap: entered promiscuous mode [ 245.140205][T11498] veth1_macvtap: entered promiscuous mode [ 245.153331][T11742] FAULT_INJECTION: forcing a failure. [ 245.153331][T11742] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 245.201876][T11742] CPU: 0 UID: 0 PID: 11742 Comm: syz.1.2075 Not tainted 6.15.0-rc6-syzkaller-00168-g239af1970bcb #0 PREEMPT(full) [ 245.201907][T11742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 245.201921][T11742] Call Trace: [ 245.201929][T11742] [ 245.201938][T11742] dump_stack_lvl+0x189/0x250 [ 245.201972][T11742] ? __lock_acquire+0xaac/0xd20 [ 245.202007][T11742] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.202038][T11742] ? __pfx__printk+0x10/0x10 [ 245.202059][T11742] ? __might_fault+0xb0/0x130 [ 245.202099][T11742] should_fail_ex+0x414/0x560 [ 245.202126][T11742] _copy_from_iter+0x1db/0x15a0 [ 245.202166][T11742] ? __pfx__copy_from_iter+0x10/0x10 [ 245.202198][T11742] ? is_bpf_text_address+0x26/0x2b0 [ 245.202241][T11742] tun_get_user+0x4b2/0x3c20 [ 245.202295][T11742] ? aa_file_perm+0x11f/0xed0 [ 245.202321][T11742] ? __pfx_tun_get_user+0x10/0x10 [ 245.202351][T11742] ? aa_file_perm+0x11f/0xed0 [ 245.202376][T11742] ? aa_file_perm+0x3e7/0xed0 [ 245.202428][T11742] ? ref_tracker_alloc+0x318/0x460 [ 245.202455][T11742] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 245.202486][T11742] ? tun_get+0x1c/0x2f0 [ 245.202524][T11742] ? tun_get+0x1c/0x2f0 [ 245.202553][T11742] ? tun_get+0x1c/0x2f0 [ 245.202589][T11742] tun_chr_write_iter+0x113/0x200 [ 245.202624][T11742] vfs_write+0x548/0xa90 [ 245.202655][T11742] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 245.202687][T11742] ? __pfx_vfs_write+0x10/0x10 [ 245.202723][T11742] ? __fget_files+0x2a/0x420 [ 245.202763][T11742] ksys_write+0x145/0x250 [ 245.202787][T11742] ? rcu_is_watching+0x15/0xb0 [ 245.202821][T11742] ? __pfx_ksys_write+0x10/0x10 [ 245.202848][T11742] ? do_syscall_64+0xba/0x210 [ 245.202879][T11742] do_syscall_64+0xf6/0x210 [ 245.202907][T11742] ? clear_bhb_loop+0x60/0xb0 [ 245.202932][T11742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.202952][T11742] RIP: 0033:0x7f8e7fd8e969 [ 245.202971][T11742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 245.202990][T11742] RSP: 002b:00007f8e80bdb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 245.203012][T11742] RAX: ffffffffffffffda RBX: 00007f8e7ffb5fa0 RCX: 00007f8e7fd8e969 [ 245.203027][T11742] RDX: 0000000000000ffe RSI: 0000200000000040 RDI: 0000000000000003 [ 245.203040][T11742] RBP: 00007f8e80bdb090 R08: 0000000000000000 R09: 0000000000000000 [ 245.203052][T11742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 245.203064][T11742] R13: 0000000000000000 R14: 00007f8e7ffb5fa0 R15: 00007ffd2799c848 [ 245.203096][T11742] [ 245.464993][T11498] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 245.513451][T11522] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 245.532333][T11498] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 245.572713][T11498] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.581760][T11498] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.590611][T11498] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.600123][T11498] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.737926][T11522] veth0_vlan: entered promiscuous mode [ 245.768083][ T8888] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.775932][ T8888] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.795273][T11522] veth1_vlan: entered promiscuous mode [ 245.891399][ T8889] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.899807][ T8889] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.954003][T11522] veth0_macvtap: entered promiscuous mode [ 245.986470][T11522] veth1_macvtap: entered promiscuous mode [ 246.061018][T11522] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 246.099952][T11760] net_ratelimit: 402 callbacks suppressed [ 246.099971][T11760] openvswitch: netlink: Key 25 has unexpected len 4 expected 16 [ 246.123093][T11522] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 246.134633][T11522] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.157541][T11522] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.177229][T11522] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.185974][T11522] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.430300][ T8891] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 246.446507][ T8891] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 246.496373][ T8891] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 246.511457][ T8891] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 246.721604][T11785] netlink: 'syz.4.2089': attribute type 10 has an invalid length. [ 246.756219][T11785] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 246.786321][T11785] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 246.911517][T11793] __nla_validate_parse: 1 callbacks suppressed [ 246.911531][T11793] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2092'. [ 247.013972][T11800] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2095'. [ 247.029048][T11798] openvswitch: netlink: Key 32 has unexpected len 4 expected 2 [ 247.151410][ T8893] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.372534][T11812] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2099'. [ 247.776819][ T8893] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.975599][T11836] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2105'. [ 247.980232][ T8893] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.009001][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 248.027191][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 248.035644][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 248.050846][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 248.061915][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 248.160016][ T8893] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.503465][T11850] openvswitch: netlink: Key 23 has unexpected len 4 expected 2 [ 248.588381][ T5832] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 248.605189][ T5832] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 248.613879][ T5832] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 248.622295][ T5832] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 248.630720][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 248.668945][ T8893] bridge_slave_1: left allmulticast mode [ 248.674632][ T8893] bridge_slave_1: left promiscuous mode [ 248.684053][ T8893] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.699841][ T8893] bridge_slave_0: left allmulticast mode [ 248.709310][ T8893] bridge_slave_0: left promiscuous mode [ 248.716117][ T8893] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.750850][T11857] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2110'. [ 248.898140][T11860] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2111'. [ 249.071455][ T8893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 249.084957][ T8893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 249.095813][ T8893] bond0 (unregistering): Released all slaves [ 249.262898][T11837] chnl_net:caif_netlink_parms(): no params data found [ 249.498328][T11876] Set syz0 is full, maxelem 0 reached [ 249.513367][T11876] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2116'. [ 249.566749][T11882] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2115'. [ 249.758955][ T8893] hsr_slave_0: left promiscuous mode [ 249.765175][ T8893] hsr_slave_1: left promiscuous mode [ 249.771767][ T8893] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 249.780739][ T8893] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 249.790262][ T8893] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 249.799204][ T8893] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 249.820768][ T8893] veth1_macvtap: left promiscuous mode [ 249.826415][ T8893] veth0_macvtap: left promiscuous mode [ 249.833277][ T8893] veth1_vlan: left promiscuous mode [ 249.838733][ T8893] veth0_vlan: left promiscuous mode [ 250.123058][ T55] Bluetooth: hci2: command tx timeout [ 250.240228][T11898] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2119'. [ 250.364771][ T8893] team0 (unregistering): Port device team_slave_1 removed [ 250.403925][ T8893] team0 (unregistering): Port device team_slave_0 removed [ 250.687675][ T55] Bluetooth: hci3: command tx timeout [ 250.880616][T11837] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.897854][T11837] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.905122][T11837] bridge_slave_0: entered allmulticast mode [ 250.925868][T11837] bridge_slave_0: entered promiscuous mode [ 250.945281][T11837] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.968954][T11837] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.976250][T11837] bridge_slave_1: entered allmulticast mode [ 250.993821][T11837] bridge_slave_1: entered promiscuous mode [ 251.012571][T11912] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2124'. [ 251.025783][T11910] netlink: 'syz.3.2123': attribute type 10 has an invalid length. [ 251.123115][T11910] team0: Cannot enslave team device to itself [ 251.245074][T11837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 251.285069][T11837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 251.295528][T11923] Set syz0 is full, maxelem 0 reached [ 251.452630][T11852] chnl_net:caif_netlink_parms(): no params data found [ 251.494678][T11837] team0: Port device team_slave_0 added [ 251.510759][T11837] team0: Port device team_slave_1 added [ 251.613363][T11837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 251.622060][T11837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.649200][T11837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 251.735108][T11837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 251.769042][T11837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.827647][T11837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 251.853090][T11947] netlink: 'syz.4.2134': attribute type 1 has an invalid length. [ 251.862912][T11947] netlink: 'syz.4.2134': attribute type 2 has an invalid length. [ 252.079567][T11958] netlink: 'syz.1.2138': attribute type 8 has an invalid length. [ 252.103523][T11837] hsr_slave_0: entered promiscuous mode [ 252.114258][T11837] hsr_slave_1: entered promiscuous mode [ 252.146255][T11962] __nla_validate_parse: 4 callbacks suppressed [ 252.146274][T11962] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2139'. [ 252.164560][T11963] netlink: 'syz.3.2136': attribute type 10 has an invalid length. [ 252.173560][T11963] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2136'. [ 252.197587][ T55] Bluetooth: hci2: command tx timeout [ 252.203942][T11852] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.228474][T11852] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.235818][T11852] bridge_slave_0: entered allmulticast mode [ 252.262824][T11852] bridge_slave_0: entered promiscuous mode [ 252.285285][T11963] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.306625][T11963] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.322117][T11963] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.331727][T11963] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.415528][T11963] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.441752][T11963] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.467192][T11963] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.475927][T11963] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.506464][T11963] team0: Port device geneve0 added [ 252.543689][T11852] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.559412][T11852] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.566645][T11852] bridge_slave_1: entered allmulticast mode [ 252.582223][T11852] bridge_slave_1: entered promiscuous mode [ 252.607818][T11978] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2143'. [ 252.650676][ T8893] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.726974][T11981] dvmrp0: entered allmulticast mode [ 252.758302][ T55] Bluetooth: hci3: command tx timeout [ 252.776338][T11852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 252.799368][ T8893] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.823805][T11852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 252.906913][T11852] team0: Port device team_slave_0 added [ 252.918671][T11852] team0: Port device team_slave_1 added [ 252.946710][ T8893] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.045705][ T8893] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.093905][T11988] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2146'. [ 253.113116][T11852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 253.120382][T11852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 253.147319][T11852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 253.160997][T11852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 253.168866][T11852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 253.195239][T11852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 253.301079][T11988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 253.319884][T11988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 253.341900][T11988] bond0 (unregistering): Released all slaves [ 253.583088][T11852] hsr_slave_0: entered promiscuous mode [ 253.608903][T11852] hsr_slave_1: entered promiscuous mode [ 253.615629][T11852] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 253.631385][T11852] Cannot create hsr debugfs directory [ 253.877064][T12005] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2150'. [ 254.004502][ T8893] bridge_slave_1: left allmulticast mode [ 254.017378][ T8893] bridge_slave_1: left promiscuous mode [ 254.026145][ T8893] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.059516][ T8893] bridge_slave_0: left allmulticast mode [ 254.070649][ T8893] bridge_slave_0: left promiscuous mode [ 254.077319][ T8893] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.276625][T12016] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2154'. [ 254.286343][ T55] Bluetooth: hci2: command tx timeout [ 254.300583][T12016] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2154'. [ 254.649642][ T8893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 254.676584][ T8893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 254.714155][ T8893] bond0 (unregistering): Released all slaves [ 254.838129][ T55] Bluetooth: hci3: command tx timeout [ 254.946290][T12037] netlink: 'syz.1.2157': attribute type 3 has an invalid length. [ 254.972459][T12037] IPVS: set_ctl: invalid protocol: 58 0.0.0.0:20000 [ 255.049724][T12043] openvswitch: netlink: ct_state flags 05a50095 unsupported [ 255.191207][T12047] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2162'. [ 255.312503][T12052] netlink: 5 bytes leftover after parsing attributes in process `syz.4.2164'. [ 255.346565][ T8893] hsr_slave_0: left promiscuous mode [ 255.358837][ T8893] hsr_slave_1: left promiscuous mode [ 255.364980][ T8893] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 255.378356][ T8893] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 255.386637][ T8893] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 255.400857][ T8893] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 255.425396][ T8893] veth1_macvtap: left promiscuous mode [ 255.431255][ T8893] veth0_macvtap: left promiscuous mode [ 255.436857][ T8893] veth1_vlan: left promiscuous mode [ 255.442461][ T8893] veth0_vlan: left promiscuous mode [ 255.584170][T12065] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2168'. [ 255.894422][ T8893] team0 (unregistering): Port device team_slave_1 removed [ 255.931695][ T8893] team0 (unregistering): Port device team_slave_0 removed [ 256.263211][T12052] 0ªÃøÂFNð¡: renamed from bond_slave_0 (while UP) [ 256.274833][T12052] 0ªÃøÂFNð¡: entered allmulticast mode [ 256.310679][T12064] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 256.357787][ T55] Bluetooth: hci2: command tx timeout [ 256.375610][T12065] 8021q: adding VLAN 0 to HW filter on device team1 [ 256.400097][T11837] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 256.449643][T11837] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 256.526828][T11837] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 256.562766][T11837] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 256.721888][T12078] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 256.918083][ T55] Bluetooth: hci3: command tx timeout [ 257.220760][T11852] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 257.415651][T11852] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 257.569417][T12090] Set syz0 is full, maxelem 0 reached [ 257.575595][T12090] __nla_validate_parse: 1 callbacks suppressed [ 257.575621][T12090] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2175'. [ 257.621675][T11852] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 257.727638][T11837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.734718][T11852] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 257.781295][T11837] 8021q: adding VLAN 0 to HW filter on device team0 [ 257.823781][ T8889] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.831042][ T8889] bridge0: port 1(bridge_slave_0) entered forwarding state [ 257.859571][T12092] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2176'. [ 257.875254][ T8883] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.882484][ T8883] bridge0: port 2(bridge_slave_1) entered forwarding state [ 257.913956][T12094] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2177'. [ 258.080191][T12094] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2177'. [ 258.303929][T11852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 258.372413][T11852] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.454732][T12105] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.472614][T12105] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 258.499744][ T8883] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.506934][ T8883] bridge0: port 1(bridge_slave_0) entered forwarding state [ 258.538422][T12109] tipc: Enabling of bearer rejected, failed to enable media [ 258.555460][ T8889] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.562693][ T8889] bridge0: port 2(bridge_slave_1) entered forwarding state [ 258.855230][T11837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 259.013774][T12125] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2184'. [ 259.024623][T11837] veth0_vlan: entered promiscuous mode [ 259.061790][T11837] veth1_vlan: entered promiscuous mode [ 259.162764][T11837] veth0_macvtap: entered promiscuous mode [ 259.193993][T11837] veth1_macvtap: entered promiscuous mode [ 259.258325][T11837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 259.295935][T11837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 259.333928][T11837] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.380747][T11837] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.407233][T11837] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.436571][T11837] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.476859][T12129] netlink: 'syz.4.2185': attribute type 8 has an invalid length. [ 259.528317][T12131] Set syz0 is full, maxelem 0 reached [ 259.534467][T12131] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2186'. [ 259.623534][T11852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 259.645991][T12136] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2189'. [ 259.801009][T12136] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2189'. [ 259.914208][T12146] gretap0: entered promiscuous mode [ 259.965001][T12146] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2191'. [ 260.009928][T12150] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2193'. [ 260.024644][ T8883] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.034390][ T8883] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.209761][T12150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 260.220017][T12150] bond_slave_0: left promiscuous mode [ 260.229277][T12150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 260.238640][T12150] bond_slave_1: left promiscuous mode [ 260.245798][T12150] bond0 (unregistering): Released all slaves [ 260.342659][ T8889] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.364805][T11852] veth0_vlan: entered promiscuous mode [ 260.374801][ T8889] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.414021][T11852] veth1_vlan: entered promiscuous mode [ 260.526245][T11852] veth0_macvtap: entered promiscuous mode [ 260.554749][T11852] veth1_macvtap: entered promiscuous mode [ 260.634254][T12173] nbd: must specify at least one socket [ 260.646020][T12162] netlink: 'syz.4.2195': attribute type 1 has an invalid length. [ 260.659329][T11852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 260.684933][T11852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 260.722038][T11852] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.742639][T12177] nbd: must specify at least one socket [ 260.749572][T11852] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.762138][T11852] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.772766][T11852] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.020624][ T8883] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.134689][ T8877] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 261.155732][ T8877] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 261.195975][ T8883] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.258943][ T8891] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 261.272500][ T8891] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 261.375425][ T8883] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.452659][ T8883] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.591195][ T8883] bridge_slave_1: left allmulticast mode [ 261.596890][ T8883] bridge_slave_1: left promiscuous mode [ 261.606199][ T8883] bridge0: port 2(bridge_slave_1) entered disabled state [ 261.623290][ T8883] bridge_slave_0: left allmulticast mode [ 261.629315][ T8883] bridge_slave_0: left promiscuous mode [ 261.635373][ T8883] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.074081][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 262.086331][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 262.094338][ T8883] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 262.104069][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 262.114100][ T8883] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 262.131045][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 262.140123][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 262.148583][ T8883] bond0 (unregistering): Released all slaves [ 262.323207][T12195] netlink: 'syz.4.2203': attribute type 15 has an invalid length. [ 262.394439][T12195] syzkaller1: entered promiscuous mode [ 262.420737][T12195] syzkaller1: entered allmulticast mode [ 262.766990][T12210] netlink: 'syz.1.2205': attribute type 29 has an invalid length. [ 262.793754][T12210] __nla_validate_parse: 2 callbacks suppressed [ 262.793774][T12210] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2205'. [ 262.817692][ T5832] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 262.832289][ T5832] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 262.848900][T12213] netlink: 'syz.1.2205': attribute type 29 has an invalid length. [ 262.849875][ T5832] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 262.865644][T12213] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2205'. [ 262.885098][ T5832] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 262.893563][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 262.901767][T12218] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 262.909138][ T8883] hsr_slave_0: left promiscuous mode [ 262.921856][ T8883] hsr_slave_1: left promiscuous mode [ 262.933446][ T8883] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 262.941739][ T8883] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 262.950213][ T8883] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 262.957737][ T8883] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 262.979545][ T8883] veth1_macvtap: left promiscuous mode [ 262.985095][ T8883] veth0_macvtap: left promiscuous mode [ 262.992469][ T8883] veth1_vlan: left promiscuous mode [ 262.996748][T12220] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2205'. [ 262.998254][ T8883] veth0_vlan: left promiscuous mode [ 263.436010][ T8883] team0 (unregistering): Port device team_slave_1 removed [ 263.472815][ T8883] team0 (unregistering): Port device team_slave_0 removed [ 263.828255][T12221] tap0: tun_chr_ioctl cmd 1074025672 [ 263.833621][T12221] tap0: ignored: set checksum disabled [ 263.886172][T12222] netlink: 160 bytes leftover after parsing attributes in process `syz.4.2207'. [ 263.972830][T12227] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2209'. [ 264.044134][T12234] xt_cgroup: invalid path, errno=-2 [ 264.204586][ T55] Bluetooth: hci2: command tx timeout [ 264.262994][T12188] chnl_net:caif_netlink_parms(): no params data found [ 264.283830][T12245] tipc: Cannot configure node identity twice [ 264.334969][T12247] netlink: 'syz.4.2214': attribute type 12 has an invalid length. [ 264.380339][T12251] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 264.732671][T12188] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.756670][T12188] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.772676][T12188] bridge_slave_0: entered allmulticast mode [ 264.781178][T12188] bridge_slave_0: entered promiscuous mode [ 264.798666][T12188] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.805947][T12188] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.813357][T12188] bridge_slave_1: entered allmulticast mode [ 264.821441][T12188] bridge_slave_1: entered promiscuous mode [ 264.917444][ T55] Bluetooth: hci3: command tx timeout [ 264.917472][ T5841] Bluetooth: hci0: command tx timeout [ 264.963459][ T3460] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.040755][T12188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 265.066585][T12188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 265.129386][ T3460] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.186045][T12211] chnl_net:caif_netlink_parms(): no params data found [ 265.252229][ T3460] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.311861][T12188] team0: Port device team_slave_0 added [ 265.383380][T12188] team0: Port device team_slave_1 added [ 265.465799][T12294] FAULT_INJECTION: forcing a failure. [ 265.465799][T12294] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 265.483711][T12294] CPU: 1 UID: 0 PID: 12294 Comm: syz.1.2230 Not tainted 6.15.0-rc6-syzkaller-00168-g239af1970bcb #0 PREEMPT(full) [ 265.483739][T12294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 265.483752][T12294] Call Trace: [ 265.483760][T12294] [ 265.483767][T12294] dump_stack_lvl+0x189/0x250 [ 265.483795][T12294] ? __lock_acquire+0xaac/0xd20 [ 265.483823][T12294] ? __pfx_dump_stack_lvl+0x10/0x10 [ 265.483849][T12294] ? __pfx__printk+0x10/0x10 [ 265.483866][T12294] ? __might_fault+0xb0/0x130 [ 265.483905][T12294] should_fail_ex+0x414/0x560 [ 265.483929][T12294] _copy_from_iter+0x1db/0x15a0 [ 265.483976][T12294] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 265.484008][T12294] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 265.484037][T12294] ? __pfx__copy_from_iter+0x10/0x10 [ 265.484066][T12294] ? __build_skb_around+0x257/0x3e0 [ 265.484098][T12294] ? netlink_sendmsg+0x642/0xb30 [ 265.484121][T12294] ? skb_put+0x11b/0x210 [ 265.484158][T12294] netlink_sendmsg+0x6b2/0xb30 [ 265.484195][T12294] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.484224][T12294] ? aa_sock_msg_perm+0x94/0x160 [ 265.484251][T12294] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 265.484277][T12294] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.484304][T12294] __sock_sendmsg+0x219/0x270 [ 265.484330][T12294] ____sys_sendmsg+0x505/0x830 [ 265.484367][T12294] ? __pfx_____sys_sendmsg+0x10/0x10 [ 265.484408][T12294] ? import_iovec+0x74/0xa0 [ 265.484442][T12294] ___sys_sendmsg+0x21f/0x2a0 [ 265.484475][T12294] ? __pfx____sys_sendmsg+0x10/0x10 [ 265.484546][T12294] ? __fget_files+0x2a/0x420 [ 265.484575][T12294] ? __fget_files+0x3a0/0x420 [ 265.484616][T12294] __x64_sys_sendmsg+0x19b/0x260 [ 265.484650][T12294] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 265.484700][T12294] ? do_syscall_64+0xba/0x210 [ 265.484733][T12294] do_syscall_64+0xf6/0x210 [ 265.484764][T12294] ? clear_bhb_loop+0x60/0xb0 [ 265.484790][T12294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.484811][T12294] RIP: 0033:0x7f8e7fd8e969 [ 265.484830][T12294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.484850][T12294] RSP: 002b:00007f8e80bdb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 265.484872][T12294] RAX: ffffffffffffffda RBX: 00007f8e7ffb5fa0 RCX: 00007f8e7fd8e969 [ 265.484888][T12294] RDX: 0000000000044000 RSI: 0000200000000540 RDI: 0000000000000003 [ 265.484901][T12294] RBP: 00007f8e80bdb090 R08: 0000000000000000 R09: 0000000000000000 [ 265.484914][T12294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 265.484927][T12294] R13: 0000000000000000 R14: 00007f8e7ffb5fa0 R15: 00007ffd2799c848 [ 265.484961][T12294] [ 265.785837][ T3460] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.912954][T12188] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 265.931915][T12188] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 265.968329][T12303] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2234'. [ 265.982061][T12188] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 266.209558][T12188] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 266.216874][T12188] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 266.261838][T12188] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 266.288432][ T55] Bluetooth: hci2: command tx timeout [ 266.332336][T12303] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2234'. [ 266.444676][T12326] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2238'. [ 266.469000][T12211] bridge0: port 1(bridge_slave_0) entered blocking state [ 266.476259][T12211] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.484202][T12326] openvswitch: netlink: Flow actions attr not present in new flow. [ 266.501638][T12211] bridge_slave_0: entered allmulticast mode [ 266.529016][T12211] bridge_slave_0: entered promiscuous mode [ 266.600863][T12211] bridge0: port 2(bridge_slave_1) entered blocking state [ 266.612309][T12211] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.637780][T12211] bridge_slave_1: entered allmulticast mode [ 266.647462][T12211] bridge_slave_1: entered promiscuous mode [ 266.693518][T12334] netlink: 'syz.1.2242': attribute type 58 has an invalid length. [ 266.701680][T12334] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2242'. [ 266.782006][T12211] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 266.813497][T12338] nft_compat: unsupported protocol 0 [ 266.865398][T12188] hsr_slave_0: entered promiscuous mode [ 266.892685][T12188] hsr_slave_1: entered promiscuous mode [ 266.973258][T12211] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 267.001209][ T55] Bluetooth: hci3: command tx timeout [ 267.136926][T12211] team0: Port device team_slave_0 added [ 267.145427][ T3460] bridge_slave_1: left allmulticast mode [ 267.155905][ T3460] bridge_slave_1: left promiscuous mode [ 267.163303][ T3460] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.173783][ T3460] bridge_slave_0: left allmulticast mode [ 267.179759][ T3460] bridge_slave_0: left promiscuous mode [ 267.185457][ T3460] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.214195][T12355] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2248'. [ 267.503416][ T3460] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 267.515353][ T3460] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 267.528291][ T3460] bond0 (unregistering): Released all slaves [ 267.560935][T12211] team0: Port device team_slave_1 added [ 267.662422][T12357] xt_policy: too many policy elements [ 267.674387][T12359] xt_policy: too many policy elements [ 267.734793][T12211] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 267.742025][T12211] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 267.769523][T12211] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 267.792017][T12211] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 267.802768][T12211] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 267.806818][T12363] FAULT_INJECTION: forcing a failure. [ 267.806818][T12363] name failslab, interval 1, probability 0, space 0, times 0 [ 267.849388][T12363] CPU: 1 UID: 0 PID: 12363 Comm: syz.1.2251 Not tainted 6.15.0-rc6-syzkaller-00168-g239af1970bcb #0 PREEMPT(full) [ 267.849418][T12363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 267.849432][T12363] Call Trace: [ 267.849440][T12363] [ 267.849449][T12363] dump_stack_lvl+0x189/0x250 [ 267.849488][T12363] ? __pfx_dump_stack_lvl+0x10/0x10 [ 267.849519][T12363] ? __pfx__printk+0x10/0x10 [ 267.849547][T12363] ? __pfx___might_resched+0x10/0x10 [ 267.849566][T12363] ? fs_reclaim_acquire+0x7d/0x100 [ 267.849604][T12363] should_fail_ex+0x414/0x560 [ 267.849638][T12363] should_failslab+0xa8/0x100 [ 267.849669][T12363] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 267.849697][T12363] ? __alloc_skb+0x112/0x2d0 [ 267.849729][T12363] __alloc_skb+0x112/0x2d0 [ 267.849760][T12363] netlink_ack+0x146/0xa50 [ 267.849803][T12363] netlink_rcv_skb+0x2a0/0x490 [ 267.849840][T12363] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 267.849873][T12363] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 267.849911][T12363] ? apparmor_capable+0x137/0x1b0 [ 267.849943][T12363] ? bpf_lsm_capable+0x9/0x20 [ 267.849972][T12363] ? security_capable+0x7e/0x2e0 [ 267.850003][T12363] nfnetlink_rcv+0x273/0x2530 [ 267.850036][T12363] ? __dev_queue_xmit+0x27e/0x3a70 [ 267.850065][T12363] ? __dev_queue_xmit+0x27e/0x3a70 [ 267.850093][T12363] ? __dev_queue_xmit+0x27e/0x3a70 [ 267.850125][T12363] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 267.850165][T12363] ? __dev_queue_xmit+0x27e/0x3a70 [ 267.850196][T12363] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.850221][T12363] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 267.850257][T12363] ? __pfx___dev_queue_xmit+0x10/0x10 [ 267.850321][T12363] ? ref_tracker_free+0x63a/0x7d0 [ 267.850343][T12363] ? __copy_skb_header+0xa7/0x550 [ 267.850380][T12363] ? __pfx_ref_tracker_free+0x10/0x10 [ 267.850403][T12363] ? __skb_clone+0x63/0x7a0 [ 267.850438][T12363] ? __skb_clone+0x483/0x7a0 [ 267.850476][T12363] ? skb_clone+0x246/0x3a0 [ 267.850510][T12363] ? __netlink_deliver_tap+0x807/0x850 [ 267.850535][T12363] ? netlink_deliver_tap+0x2e/0x1b0 [ 267.850567][T12363] ? netlink_deliver_tap+0x2e/0x1b0 [ 267.850591][T12363] ? netlink_deliver_tap+0x2e/0x1b0 [ 267.850633][T12363] netlink_unicast+0x75b/0x8d0 [ 267.850667][T12363] netlink_sendmsg+0x805/0xb30 [ 267.850703][T12363] ? __pfx_netlink_sendmsg+0x10/0x10 [ 267.850732][T12363] ? aa_sock_msg_perm+0x94/0x160 [ 267.850758][T12363] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 267.850782][T12363] ? __pfx_netlink_sendmsg+0x10/0x10 [ 267.850809][T12363] __sock_sendmsg+0x219/0x270 [ 267.850835][T12363] ____sys_sendmsg+0x505/0x830 [ 267.850871][T12363] ? __pfx_____sys_sendmsg+0x10/0x10 [ 267.850911][T12363] ? import_iovec+0x74/0xa0 [ 267.850946][T12363] ___sys_sendmsg+0x21f/0x2a0 [ 267.850979][T12363] ? __pfx____sys_sendmsg+0x10/0x10 [ 267.851046][T12363] ? __fget_files+0x2a/0x420 [ 267.851070][T12363] ? __fget_files+0x3a0/0x420 [ 267.851111][T12363] __x64_sys_sendmsg+0x19b/0x260 [ 267.851143][T12363] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 267.851192][T12363] ? do_syscall_64+0xba/0x210 [ 267.851226][T12363] do_syscall_64+0xf6/0x210 [ 267.851255][T12363] ? clear_bhb_loop+0x60/0xb0 [ 267.851281][T12363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.851302][T12363] RIP: 0033:0x7f8e7fd8e969 [ 267.851320][T12363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 267.851339][T12363] RSP: 002b:00007f8e80bdb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 267.851361][T12363] RAX: ffffffffffffffda RBX: 00007f8e7ffb5fa0 RCX: 00007f8e7fd8e969 [ 267.851376][T12363] RDX: 0000000000044000 RSI: 0000200000000540 RDI: 0000000000000003 [ 267.851389][T12363] RBP: 00007f8e80bdb090 R08: 0000000000000000 R09: 0000000000000000 [ 267.851402][T12363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 267.851414][T12363] R13: 0000000000000000 R14: 00007f8e7ffb5fa0 R15: 00007ffd2799c848 [ 267.851448][T12363] [ 267.851667][T12211] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 268.264527][T12361] 8021q: adding VLAN 0 to HW filter on device ipvlan0 [ 268.357404][ T55] Bluetooth: hci2: command tx timeout [ 268.543907][T12382] openvswitch: netlink: ct_state flags 0000ee01 unsupported [ 268.574314][T12211] hsr_slave_0: entered promiscuous mode [ 268.581434][T12211] hsr_slave_1: entered promiscuous mode [ 268.588459][T12211] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 268.596141][T12211] Cannot create hsr debugfs directory [ 268.621082][T12382] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on [ 268.709877][ T3460] hsr_slave_0: left promiscuous mode [ 268.716117][ T3460] hsr_slave_1: left promiscuous mode [ 268.728596][ T3460] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 268.736130][ T3460] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 268.750723][ T3460] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 268.761640][ T3460] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 268.791838][ T3460] veth1_macvtap: left promiscuous mode [ 268.800863][ T3460] veth0_macvtap: left promiscuous mode [ 268.806747][ T3460] veth1_vlan: left promiscuous mode [ 268.814015][ T3460] veth0_vlan: left promiscuous mode [ 269.079666][ T55] Bluetooth: hci3: command tx timeout [ 269.281209][ T3460] team0 (unregistering): Port device team_slave_1 removed [ 269.321051][ T3460] team0 (unregistering): Port device team_slave_0 removed [ 269.719881][T12393] bond0: (slave 00ªÃøÂFNð¡): Releasing backup interface [ 269.727726][T12393] 0ªÃøÂFNð¡: left promiscuous mode [ 269.745874][T12393] bond0: (slave bond_slave_1): Releasing backup interface [ 269.754770][T12393] bond_slave_1: left promiscuous mode [ 269.768773][T12393] team_slave_0: left allmulticast mode [ 269.778462][T12393] team_slave_0: left promiscuous mode [ 269.799273][T12393] team0: Port device team_slave_0 removed [ 269.806700][T12393] team_slave_1: left allmulticast mode [ 269.822858][T12393] team_slave_1: left promiscuous mode [ 269.849395][T12393] team0: Port device team_slave_1 removed [ 269.856132][T12393] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 269.864019][T12393] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 269.880910][T12393] bond0: (slave wlan1): Releasing backup interface [ 269.888990][T12393] mac80211_hwsim hwsim11 wlan1: left promiscuous mode [ 269.958965][T12381] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2255'. [ 270.055645][T12400] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2261'. [ 270.151050][T12398] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2260'. [ 270.161537][T12402] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2260'. [ 270.215972][T12405] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2262'. [ 270.234243][T12405] netlink: 'syz.3.2262': attribute type 10 has an invalid length. [ 270.330785][T12413] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2263'. [ 270.437458][ T5841] Bluetooth: hci2: command tx timeout [ 270.657711][T12425] FAULT_INJECTION: forcing a failure. [ 270.657711][T12425] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 270.671017][T12425] CPU: 0 UID: 0 PID: 12425 Comm: syz.3.2268 Not tainted 6.15.0-rc6-syzkaller-00168-g239af1970bcb #0 PREEMPT(full) [ 270.671047][T12425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 270.671061][T12425] Call Trace: [ 270.671070][T12425] [ 270.671080][T12425] dump_stack_lvl+0x189/0x250 [ 270.671121][T12425] ? __pfx_dump_stack_lvl+0x10/0x10 [ 270.671153][T12425] ? __pfx__printk+0x10/0x10 [ 270.671189][T12425] should_fail_ex+0x414/0x560 [ 270.671218][T12425] _copy_to_user+0x31/0xb0 [ 270.671251][T12425] simple_read_from_buffer+0xe1/0x170 [ 270.671284][T12425] proc_fail_nth_read+0x1df/0x250 [ 270.671319][T12425] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 270.671355][T12425] ? rw_verify_area+0x258/0x650 [ 270.671378][T12425] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 270.671411][T12425] vfs_read+0x1fd/0x980 [ 270.671442][T12425] ? __pfx___mutex_lock+0x10/0x10 [ 270.671471][T12425] ? __pfx_vfs_read+0x10/0x10 [ 270.671498][T12425] ? __fget_files+0x2a/0x420 [ 270.671531][T12425] ? __fget_files+0x3a0/0x420 [ 270.671559][T12425] ? __fget_files+0x2a/0x420 [ 270.671598][T12425] ksys_read+0x145/0x250 [ 270.671628][T12425] ? rcu_is_watching+0x15/0xb0 [ 270.671650][T12425] ? __pfx_ksys_read+0x10/0x10 [ 270.671679][T12425] ? do_syscall_64+0xba/0x210 [ 270.671712][T12425] do_syscall_64+0xf6/0x210 [ 270.671741][T12425] ? clear_bhb_loop+0x60/0xb0 [ 270.671768][T12425] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.671789][T12425] RIP: 0033:0x7fed80f8d37c [ 270.671808][T12425] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 270.671827][T12425] RSP: 002b:00007fed81e0e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 270.671849][T12425] RAX: ffffffffffffffda RBX: 00007fed811b5fa0 RCX: 00007fed80f8d37c [ 270.671865][T12425] RDX: 000000000000000f RSI: 00007fed81e0e0a0 RDI: 0000000000000008 [ 270.671878][T12425] RBP: 00007fed81e0e090 R08: 0000000000000000 R09: 0000000000000000 [ 270.671891][T12425] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 270.671905][T12425] R13: 0000000000000000 R14: 00007fed811b5fa0 R15: 00007ffd2b0a0e98 [ 270.671929][T12425] [ 271.127420][T12188] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 271.157196][ T5841] Bluetooth: hci3: command tx timeout [ 271.248720][T12188] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 271.271339][T12188] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 271.271409][T12440] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2272'. [ 271.351429][T12440] 0ªÃøÂFNð¡: renamed from bond_slave_0 [ 271.372167][T12440] 0ªÃøÂFNð¡: entered allmulticast mode [ 271.391092][T12188] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 271.514030][T12211] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 271.540879][T12445] netlink: 'syz.1.2275': attribute type 33 has an invalid length. [ 271.548657][T12211] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 271.562935][T12445] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2275'. [ 271.594495][T12211] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 271.595789][T12445] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2275'. [ 271.622599][T12211] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 271.665299][T12445] bridge0: port 3(dummy0) entered disabled state [ 271.693229][T12445] dummy0 (unregistering): left allmulticast mode [ 271.703306][T12445] bridge0: port 3(dummy0) entered disabled state [ 271.918658][T12188] 8021q: adding VLAN 0 to HW filter on device bond0 [ 271.926936][T12453] netlink: 'syz.1.2279': attribute type 12 has an invalid length. [ 271.964093][T12188] 8021q: adding VLAN 0 to HW filter on device team0 [ 272.005927][T12454] FAULT_INJECTION: forcing a failure. [ 272.005927][T12454] name failslab, interval 1, probability 0, space 0, times 0 [ 272.022609][T12454] CPU: 0 UID: 0 PID: 12454 Comm: syz.1.2279 Not tainted 6.15.0-rc6-syzkaller-00168-g239af1970bcb #0 PREEMPT(full) [ 272.022640][T12454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 272.022653][T12454] Call Trace: [ 272.022662][T12454] [ 272.022672][T12454] dump_stack_lvl+0x189/0x250 [ 272.022713][T12454] ? __pfx_dump_stack_lvl+0x10/0x10 [ 272.022744][T12454] ? __pfx__printk+0x10/0x10 [ 272.022782][T12454] should_fail_ex+0x414/0x560 [ 272.022811][T12454] should_failslab+0xa8/0x100 [ 272.022842][T12454] __kmalloc_noprof+0xcb/0x4f0 [ 272.022869][T12454] ? ___neigh_create+0x6d5/0x2260 [ 272.022897][T12454] ___neigh_create+0x6d5/0x2260 [ 272.022926][T12454] ? neigh_lookup+0xb6/0x5e0 [ 272.022948][T12454] ? __pfx_neigh_lookup+0x10/0x10 [ 272.022970][T12454] ? arp_ioctl+0x2f5/0x450 [ 272.023008][T12454] arp_req_set+0x347/0x620 [ 272.023043][T12454] ? __pfx_arp_req_set+0x10/0x10 [ 272.023086][T12454] arp_ioctl+0x302/0x450 [ 272.023120][T12454] ? __pfx_arp_ioctl+0x10/0x10 [ 272.023175][T12454] inet_ioctl+0x36e/0x4c0 [ 272.023209][T12454] ? __pfx_inet_ioctl+0x10/0x10 [ 272.023263][T12454] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 272.023287][T12454] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 272.023318][T12454] sock_do_ioctl+0xd9/0x300 [ 272.023351][T12454] ? __pfx_sock_do_ioctl+0x10/0x10 [ 272.023373][T12454] ? __lock_acquire+0xaac/0xd20 [ 272.023418][T12454] sock_ioctl+0x576/0x790 [ 272.023441][T12454] ? __pfx_sock_ioctl+0x10/0x10 [ 272.023465][T12454] ? __fget_files+0x3a0/0x420 [ 272.023493][T12454] ? __fget_files+0x2a/0x420 [ 272.023527][T12454] ? bpf_lsm_file_ioctl+0x9/0x20 [ 272.023555][T12454] ? __pfx_sock_ioctl+0x10/0x10 [ 272.023575][T12454] __se_sys_ioctl+0xf9/0x170 [ 272.023601][T12454] do_syscall_64+0xf6/0x210 [ 272.023631][T12454] ? clear_bhb_loop+0x60/0xb0 [ 272.023659][T12454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.023679][T12454] RIP: 0033:0x7f8e7fd8e969 [ 272.023698][T12454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.023716][T12454] RSP: 002b:00007f8e80bba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 272.023738][T12454] RAX: ffffffffffffffda RBX: 00007f8e7ffb6080 RCX: 00007f8e7fd8e969 [ 272.023753][T12454] RDX: 0000200000000180 RSI: 0000000000008955 RDI: 0000000000000006 [ 272.023767][T12454] RBP: 00007f8e80bba090 R08: 0000000000000000 R09: 0000000000000000 [ 272.023780][T12454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 272.023792][T12454] R13: 0000000000000000 R14: 00007f8e7ffb6080 R15: 00007ffd2799c848 [ 272.023827][T12454] [ 272.032905][T12456] netlink: 'syz.4.2280': attribute type 10 has an invalid length. [ 272.092123][T12211] 8021q: adding VLAN 0 to HW filter on device bond0 [ 272.364659][T12456] bond0: (slave C): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 272.398152][T12456] bond0: (slave C): refused to change device type [ 272.438303][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.445506][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 272.479467][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.486751][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 272.590119][T12458] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2281'. [ 272.622491][T12211] 8021q: adding VLAN 0 to HW filter on device team0 [ 272.673565][ T8891] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.680794][ T8891] bridge0: port 1(bridge_slave_0) entered forwarding state [ 272.699710][ T8891] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.706896][ T8891] bridge0: port 2(bridge_slave_1) entered forwarding state [ 272.965085][T12483] netlink: 'syz.1.2285': attribute type 5 has an invalid length. [ 273.054811][T12483] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 273.064347][T12483] syzkaller0: entered allmulticast mode [ 273.186494][T12188] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 273.237507][ T5841] Bluetooth: hci3: command 0x0405 tx timeout [ 273.303634][T12495] netlink: 'syz.4.2289': attribute type 12 has an invalid length. [ 273.412672][T12188] veth0_vlan: entered promiscuous mode [ 273.446976][T12188] veth1_vlan: entered promiscuous mode [ 273.471107][T12211] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 273.583908][T12188] veth0_macvtap: entered promiscuous mode [ 273.624089][T12188] veth1_macvtap: entered promiscuous mode [ 273.673781][T12211] veth0_vlan: entered promiscuous mode [ 273.704684][T12211] veth1_vlan: entered promiscuous mode [ 273.719460][T12188] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 273.760974][T12188] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 273.765995][T12507] netlink: 'syz.4.2293': attribute type 10 has an invalid length. [ 273.807900][T12504] netlink: 'syz.3.2292': attribute type 34 has an invalid length. [ 273.826666][T12188] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.851587][T12188] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.867521][T12188] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.897348][T12188] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.913570][T12512] netlink: 'syz.4.2294': attribute type 12 has an invalid length. [ 273.998595][T12515] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 274.050414][T12211] veth0_macvtap: entered promiscuous mode [ 274.073160][T12211] veth1_macvtap: entered promiscuous mode [ 274.150884][T12211] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 274.202421][T12211] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 274.239789][ T8888] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 274.249998][ T8888] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 274.261088][T12211] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.270860][T12211] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.280596][T12211] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.291536][T12211] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.346255][ T8883] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 274.371048][ T8883] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 274.725492][ T3460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 274.748580][ T3460] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 274.803785][ T8891] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 274.811903][ T8891] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 274.954880][T12536] bond5: entered promiscuous mode [ 274.960097][T12536] bond5: entered allmulticast mode [ 274.965715][T12536] 8021q: adding VLAN 0 to HW filter on device bond5 [ 275.232633][T12536] bond5 (unregistering): Released all slaves [ 275.335088][ T8891] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.424118][ T8891] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.670730][ T8891] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.865564][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 275.874265][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 275.884539][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 275.893635][ T5841] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 275.904136][ T5841] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 275.974704][ T8891] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.133170][T12544] chnl_net:caif_netlink_parms(): no params data found [ 276.322275][ T8891] bridge_slave_1: left allmulticast mode [ 276.338403][ T8891] bridge_slave_1: left promiscuous mode [ 276.351153][ T8891] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.375323][ T8891] bridge_slave_0: left allmulticast mode [ 276.388655][ T8891] bridge_slave_0: left promiscuous mode [ 276.400870][ T8891] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.495512][T12560] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 276.742197][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 276.751729][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 276.768956][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 276.782229][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 276.790531][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 276.983547][ T8891] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 276.994861][ T8891] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 277.006404][ T8891] bond0 (unregistering): Released all slaves [ 277.198582][T12574] netlink: 'syz.4.2308': attribute type 12 has an invalid length. [ 277.536208][T12544] bridge0: port 1(bridge_slave_0) entered blocking state [ 277.547548][T12584] FAULT_INJECTION: forcing a failure. [ 277.547548][T12584] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 277.564542][T12544] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.580639][T12544] bridge_slave_0: entered allmulticast mode [ 277.595258][T12544] bridge_slave_0: entered promiscuous mode [ 277.620391][T12544] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.639563][T12598] netlink: 'syz.3.2312': attribute type 1 has an invalid length. [ 277.642747][T12544] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.654449][T12584] CPU: 0 UID: 0 PID: 12584 Comm: syz.4.2308 Not tainted 6.15.0-rc6-syzkaller-00168-g239af1970bcb #0 PREEMPT(full) [ 277.654478][T12584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 277.654492][T12584] Call Trace: [ 277.654501][T12584] [ 277.654510][T12584] dump_stack_lvl+0x189/0x250 [ 277.654550][T12584] ? __pfx_dump_stack_lvl+0x10/0x10 [ 277.654582][T12584] ? __pfx__printk+0x10/0x10 [ 277.654618][T12584] should_fail_ex+0x414/0x560 [ 277.654647][T12584] _copy_to_user+0x31/0xb0 [ 277.654682][T12584] simple_read_from_buffer+0xe1/0x170 [ 277.654715][T12584] proc_fail_nth_read+0x1df/0x250 [ 277.654750][T12584] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 277.654786][T12584] ? rw_verify_area+0x258/0x650 [ 277.654810][T12584] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 277.654843][T12584] vfs_read+0x1fd/0x980 [ 277.654874][T12584] ? __pfx___mutex_lock+0x10/0x10 [ 277.654910][T12584] ? __pfx_vfs_read+0x10/0x10 [ 277.654937][T12584] ? __fget_files+0x2a/0x420 [ 277.654971][T12584] ? __fget_files+0x3a0/0x420 [ 277.654999][T12584] ? __fget_files+0x2a/0x420 [ 277.655039][T12584] ksys_read+0x145/0x250 [ 277.655062][T12584] ? rcu_is_watching+0x15/0xb0 [ 277.655084][T12584] ? __pfx_ksys_read+0x10/0x10 [ 277.655113][T12584] ? do_syscall_64+0xba/0x210 [ 277.655147][T12584] do_syscall_64+0xf6/0x210 [ 277.655176][T12584] ? clear_bhb_loop+0x60/0xb0 [ 277.655203][T12584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.655224][T12584] RIP: 0033:0x7fa1ab58d37c [ 277.655242][T12584] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 277.655261][T12584] RSP: 002b:00007fa1ac3a4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 277.655283][T12584] RAX: ffffffffffffffda RBX: 00007fa1ab7b6080 RCX: 00007fa1ab58d37c [ 277.655299][T12584] RDX: 000000000000000f RSI: 00007fa1ac3a40a0 RDI: 0000000000000007 [ 277.655312][T12584] RBP: 00007fa1ac3a4090 R08: 0000000000000000 R09: 0000000000000000 [ 277.655325][T12584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 277.655338][T12584] R13: 0000000000000000 R14: 00007fa1ab7b6080 R15: 00007ffc6d9dd818 [ 277.655373][T12584] [ 277.875616][T12544] bridge_slave_1: entered allmulticast mode [ 277.884010][T12544] bridge_slave_1: entered promiscuous mode [ 277.967241][ T5841] Bluetooth: hci2: command tx timeout [ 277.998938][T12603] netlink: 'syz.4.2313': attribute type 12 has an invalid length. [ 278.042689][T12598] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 278.207854][T12544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 278.406645][ T8891] hsr_slave_0: left promiscuous mode [ 278.413639][ T8891] hsr_slave_1: left promiscuous mode [ 278.425353][ T8891] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 278.450412][ T8891] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 278.473474][ T8891] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 278.486576][ T8891] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 278.670251][ T8891] veth1_macvtap: left promiscuous mode [ 278.686035][ T8891] veth0_macvtap: left promiscuous mode [ 278.693045][ T8891] veth1_vlan: left promiscuous mode [ 278.699100][ T8891] veth0_vlan: left promiscuous mode [ 278.741282][T12626] __nla_validate_parse: 2 callbacks suppressed [ 278.741301][T12626] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2319'. [ 278.757176][T12625] netlink: 'syz.1.2320': attribute type 4 has an invalid length. [ 278.815688][T12626] netlink: 'syz.4.2319': attribute type 3 has an invalid length. [ 278.843938][ T5841] Bluetooth: hci3: command tx timeout [ 278.934178][T12632] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2321'. [ 279.432628][ T8891] team0 (unregistering): Port device team_slave_1 removed [ 279.471431][ T8891] team0 (unregistering): Port device team_slave_0 removed [ 279.813689][T12544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 279.822966][T12621] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2318'. [ 279.847412][T12565] chnl_net:caif_netlink_parms(): no params data found [ 279.997499][T12544] team0: Port device team_slave_0 added [ 280.033898][T12544] team0: Port device team_slave_1 added [ 280.040697][ T5841] Bluetooth: hci2: command tx timeout [ 280.166368][T12644] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.178248][T12644] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.409215][T12544] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 280.422602][T12544] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 280.466458][T12544] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 280.529666][T12544] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 280.536733][T12544] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 280.575158][T12544] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 280.603694][T12565] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.618866][T12565] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.626228][T12565] bridge_slave_0: entered allmulticast mode [ 280.641153][T12565] bridge_slave_0: entered promiscuous mode [ 280.647048][T12669] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2331'. [ 280.688701][T12565] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.697444][T12565] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.715052][T12565] bridge_slave_1: entered allmulticast mode [ 280.743999][T12565] bridge_slave_1: entered promiscuous mode [ 280.781370][T12671] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2331'. [ 280.824213][T12673] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 280.842698][T12544] hsr_slave_0: entered promiscuous mode [ 280.868623][T12544] hsr_slave_1: entered promiscuous mode [ 280.917577][T12565] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 280.928248][ T5841] Bluetooth: hci3: command tx timeout [ 280.952351][T12679] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2333'. [ 281.010270][T12565] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 281.023209][T12677] x_tables: unsorted underflow at hook 3 [ 281.035593][T12677] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2333'. [ 281.186141][T12677] bond0 (unregistering): Released all slaves [ 281.273156][T12565] team0: Port device team_slave_0 added [ 281.373557][ T8891] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.404108][T12565] team0: Port device team_slave_1 added [ 281.572677][ T8891] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.610561][T12565] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 281.638940][T12565] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 281.666821][T12565] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 281.682473][T12565] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 281.689772][T12565] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 281.720076][T12565] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 281.780554][ T8891] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.839457][T12706] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 281.862126][T12709] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2339'. [ 281.929571][T12712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2340'. [ 281.942578][ T8891] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.106064][T12715] xt_CT: No such helper "pptp" [ 282.118030][ T5841] Bluetooth: hci2: command tx timeout [ 282.212183][T12565] hsr_slave_0: entered promiscuous mode [ 282.233801][T12565] hsr_slave_1: entered promiscuous mode [ 282.249514][T12565] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 282.259056][T12565] Cannot create hsr debugfs directory [ 282.433247][T12730] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 282.438077][T12731] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2347'. [ 282.716731][ T8891] bridge_slave_1: left allmulticast mode [ 282.722247][T12748] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 282.724927][ T8891] bridge_slave_1: left promiscuous mode [ 282.743989][ T8891] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.753163][ T8891] bridge_slave_0: left allmulticast mode [ 282.760261][ T8891] bridge_slave_0: left promiscuous mode [ 282.766036][ T8891] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.000200][ T5841] Bluetooth: hci3: command tx timeout [ 283.093773][ T8891] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 283.106181][ T8891] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 283.117964][ T8891] bond0 (unregistering): Released all slaves [ 283.361794][T12760] batadv0: Device is already in use. [ 283.602653][ T8891] hsr_slave_0: left promiscuous mode [ 283.609943][ T8891] hsr_slave_1: left promiscuous mode [ 283.616093][ T8891] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 283.624790][ T8891] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 283.633945][ T8891] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 283.641791][ T8891] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 283.670408][ T8891] veth1_macvtap: left promiscuous mode [ 283.676164][ T8891] veth0_macvtap: left promiscuous mode [ 283.682365][ T8891] veth1_vlan: left promiscuous mode [ 283.687929][ T8891] veth0_vlan: left promiscuous mode [ 283.877319][ T5841] Bluetooth: hci0: command tx timeout [ 284.112570][ T8891] team0 (unregistering): Port device team_slave_1 removed [ 284.151936][ T8891] team0 (unregistering): Port device team_slave_0 removed [ 284.198243][ T5841] Bluetooth: hci2: command tx timeout [ 284.599418][T12772] netlink: 'syz.1.2360': attribute type 34 has an invalid length. [ 284.882216][T12544] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 284.928357][T12788] netlink: 'syz.1.2365': attribute type 16 has an invalid length. [ 284.953785][T12789] __nla_validate_parse: 1 callbacks suppressed [ 284.953808][T12789] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2365'. [ 284.971338][T12788] netlink: 'syz.1.2365': attribute type 17 has an invalid length. [ 284.991907][T12544] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 285.023116][T12544] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 285.038147][T12544] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 285.077574][ T5841] Bluetooth: hci3: command tx timeout [ 285.239841][T12795] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2366'. [ 286.812665][T12788] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.835200][T12788] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.844983][T12788] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.853398][T12788] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.280610][T12565] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 287.319124][T12565] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 287.442099][T12565] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 287.480535][T12565] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 287.587028][T12815] ipt_ECN: cannot use operation on non-tcp rule [ 287.742429][T12544] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.764966][T12821] netlink: 'syz.1.2371': attribute type 21 has an invalid length. [ 287.819991][T12565] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.863389][T12544] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.908333][ T8883] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.915575][ T8883] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.951823][ T8883] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.959072][ T8883] bridge0: port 2(bridge_slave_1) entered forwarding state [ 287.995541][T12828] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2373'. [ 288.026241][T12565] 8021q: adding VLAN 0 to HW filter on device team0 [ 288.045669][T12828] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2373'. [ 288.126290][ T8877] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.133543][ T8877] bridge0: port 1(bridge_slave_0) entered forwarding state [ 288.224447][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 288.231712][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 288.285911][T12544] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 288.304251][T12544] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 288.430199][T12837] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2376'. [ 288.481264][T12837] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2376'. [ 288.498931][T12837] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2376'. [ 288.572341][T12845] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2376'. [ 288.859984][T12544] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 288.905134][T12565] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 289.050454][T12544] veth0_vlan: entered promiscuous mode [ 289.116843][T12565] veth0_vlan: entered promiscuous mode [ 289.140952][T12544] veth1_vlan: entered promiscuous mode [ 289.187731][T12565] veth1_vlan: entered promiscuous mode [ 289.280734][T12565] veth0_macvtap: entered promiscuous mode [ 289.303811][T12565] veth1_macvtap: entered promiscuous mode [ 289.356925][T12857] batadv0: Device is already in use. [ 289.396762][T12544] veth0_macvtap: entered promiscuous mode [ 289.428802][T12565] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 289.442294][T12565] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 289.483197][T12544] veth1_macvtap: entered promiscuous mode [ 289.516141][T12565] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.527039][T12565] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.544165][T12565] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.556237][T12565] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.673941][T12544] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 289.716500][T12864] sctp: [Deprecated]: syz.1.2383 (pid 12864) Use of struct sctp_assoc_value in delayed_ack socket option. [ 289.716500][T12864] Use struct sctp_sack_info instead [ 289.761833][T12544] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 289.787494][T12868] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2384'. [ 289.862019][T12544] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.886741][T12544] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.911666][T12544] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.931274][T12544] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.050418][ T8883] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 290.082661][ T8883] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 290.160273][T12880] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2385'. [ 290.294952][ T8883] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 290.327315][ T8883] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 290.337203][ T8889] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 290.345070][ T8889] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 290.424177][T12889] netlink: 'syz.4.2387': attribute type 1 has an invalid length. [ 290.490945][ T8893] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 290.514456][ T8893] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 290.663292][T12783] Set syz1 is full, maxelem 65536 reached [ 290.669867][T12893] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2389'. [ 290.880455][T12900] batadv0: Device is already in use. [ 291.050306][ T3460] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.172594][ T3460] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.290186][ T3460] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.392446][ T3460] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.529673][ T3460] bridge_slave_1: left allmulticast mode [ 291.535489][ T3460] bridge_slave_1: left promiscuous mode [ 291.542194][ T3460] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.553541][ T3460] bridge_slave_0: left allmulticast mode [ 291.565602][ T3460] bridge_slave_0: left promiscuous mode [ 291.571765][ T3460] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.735556][ T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 291.744953][ T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 291.753189][ T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 291.761270][ T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 291.773936][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 291.969060][ T3460] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 291.980409][ T3460] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 291.994695][ T3460] bond0 (unregistering): Released all slaves [ 292.580043][T12935] netlink: 'syz.1.2402': attribute type 1 has an invalid length. [ 292.601517][T12935] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2402'. [ 292.614450][T12944] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2403'. [ 292.662330][T12941] xt_CT: No such helper "pptp" [ 292.761560][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 292.779276][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 292.790633][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 292.800758][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 292.812260][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 292.834985][ T3460] hsr_slave_0: left promiscuous mode [ 292.847996][ T3460] hsr_slave_1: left promiscuous mode [ 292.864313][ T3460] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 292.876126][ T3460] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 292.941939][ T3460] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 292.957211][ T3460] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 293.042706][T12968] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2407'. [ 293.053082][ T3460] veth1_macvtap: left promiscuous mode [ 293.077278][ T3460] veth0_macvtap: left promiscuous mode [ 293.082964][ T3460] veth1_vlan: left promiscuous mode [ 293.101148][ T3460] veth0_vlan: left promiscuous mode [ 293.542279][ T3460] team0 (unregistering): Port device team_slave_1 removed [ 293.579705][ T3460] team0 (unregistering): Port device team_slave_0 removed [ 293.880666][ T5841] Bluetooth: hci2: command tx timeout [ 294.354838][T12906] chnl_net:caif_netlink_parms(): no params data found [ 294.455821][T12950] chnl_net:caif_netlink_parms(): no params data found [ 294.497700][T12995] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2414'. [ 294.664519][T12906] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.671934][T12906] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.682787][T12906] bridge_slave_0: entered allmulticast mode [ 294.698940][T12906] bridge_slave_0: entered promiscuous mode [ 294.711138][T12906] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.718923][T12906] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.726203][T12906] bridge_slave_1: entered allmulticast mode [ 294.734392][T12906] bridge_slave_1: entered promiscuous mode [ 294.805797][ T8877] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.838500][ T5841] Bluetooth: hci3: command tx timeout [ 294.925021][ T8877] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.944563][T12950] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.956241][T12950] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.976796][T12950] bridge_slave_0: entered allmulticast mode [ 294.992746][T12950] bridge_slave_0: entered promiscuous mode [ 295.012430][T12950] bridge0: port 2(bridge_slave_1) entered blocking state [ 295.029960][T12950] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.042438][T12950] bridge_slave_1: entered allmulticast mode [ 295.053438][T12950] bridge_slave_1: entered promiscuous mode [ 295.071917][T12906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 295.095971][ T8877] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.134898][T13009] 8021q: adding VLAN 0 to HW filter on device ipvlan0 [ 295.261783][T12906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 295.319450][ T8877] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.352626][T12950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 295.380030][T12950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 295.493833][T12906] team0: Port device team_slave_0 added [ 295.566810][T12950] team0: Port device team_slave_0 added [ 295.592196][T12906] team0: Port device team_slave_1 added [ 295.649591][T12950] team0: Port device team_slave_1 added [ 295.673612][T13037] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 295.736682][T12950] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 295.747651][T12950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 295.774981][T12950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 295.791300][T12906] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 295.800416][T12906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 295.828845][T12906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 295.855706][T12950] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 295.863293][T12950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 295.890354][T12950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 295.902455][T12906] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 295.910890][T12906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 295.966101][T12906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 295.969582][ T5841] Bluetooth: hci2: command tx timeout [ 295.995126][T13046] sctp: [Deprecated]: syz.4.2429 (pid 13046) Use of int in max_burst socket option deprecated. [ 295.995126][T13046] Use struct sctp_assoc_value instead [ 296.035772][T13047] xt_CT: You must specify a L4 protocol and not use inversions on it [ 296.141833][T13050] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2430'. [ 296.213444][T12906] hsr_slave_0: entered promiscuous mode [ 296.226967][T12906] hsr_slave_1: entered promiscuous mode [ 296.282140][ T8877] bridge_slave_1: left allmulticast mode [ 296.290180][ T8877] bridge_slave_1: left promiscuous mode [ 296.297424][ T8877] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.312872][ T8877] bridge_slave_0: left allmulticast mode [ 296.319244][ T8877] bridge_slave_0: left promiscuous mode [ 296.325495][ T8877] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.400441][T13060] netlink: 'syz.1.2433': attribute type 10 has an invalid length. [ 296.580716][T13065] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2435'. [ 296.763102][T13065] xt_CT: No such helper "pptp" [ 296.770652][ T8877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 296.782413][ T8877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 296.794031][ T8877] bond0 (unregistering): Released all slaves [ 296.814206][T12950] hsr_slave_0: entered promiscuous mode [ 296.822815][T12950] hsr_slave_1: entered promiscuous mode [ 296.829514][T12950] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 296.837735][T12950] Cannot create hsr debugfs directory [ 296.917712][ T5841] Bluetooth: hci3: command tx timeout [ 297.030943][T13069] tipc: Enabled bearer , priority 10 [ 297.314255][ T8877] hsr_slave_0: left promiscuous mode [ 297.314331][T13081] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2440'. [ 297.337345][ T8877] hsr_slave_1: left promiscuous mode [ 297.344496][ T8877] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 297.367189][ T8877] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 297.398664][ T8877] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 297.406217][ T8877] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 297.464185][ T8877] veth1_macvtap: left promiscuous mode [ 297.480248][ T8877] veth0_macvtap: left promiscuous mode [ 297.485998][ T8877] veth1_vlan: left promiscuous mode [ 297.510056][ T8877] veth0_vlan: left promiscuous mode [ 297.615828][T13093] trusted_key: syz.4.2443 sent an empty control message without MSG_MORE. [ 297.730498][T13099] Oops: general protection fault, probably for non-canonical address 0xdffffc00000a2403: 0000 [#1] SMP KASAN PTI [ 297.742453][T13099] KASAN: probably user-memory-access in range [0x0000000000512018-0x000000000051201f] [ 297.752006][T13099] CPU: 0 UID: 0 PID: 13099 Comm: syz.4.2444 Not tainted 6.15.0-rc6-syzkaller-00168-g239af1970bcb #0 PREEMPT(full) [ 297.764083][T13099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 297.774980][T13099] RIP: 0010:smc_diag_dump_proto+0x4d0/0x1f80 [ 297.781508][T13099] Code: 80 3c 2f 00 74 08 48 89 df e8 4c 3b 1c f7 4c 8b 23 4d 85 e4 0f 84 22 02 00 00 48 89 5c 24 38 49 83 c4 18 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 21 3b 1c f7 4d 8b 2c 24 49 83 c5 [ 297.801424][T13099] RSP: 0018:ffffc9000396ef60 EFLAGS: 00010206 [ 297.807507][T13099] RAX: 00000000000a2403 RBX: ffff88805770f160 RCX: ffff888058169e00 [ 297.815941][T13099] RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000 [ 297.823925][T13099] RBP: ffffc9000396f2d0 R08: ffff88805770ec5f R09: 1ffff1100aee1d8b [ 297.832517][T13099] R10: dffffc0000000000 R11: ffffed100aee1d8c R12: 0000000000512018 [ 297.840501][T13099] R13: dffffc0000000000 R14: ffff88805770ec00 R15: 1ffff1100aee1e2c [ 297.848485][T13099] FS: 00007fa1ac3836c0(0000) GS:ffff8881260c7000(0000) knlGS:0000000000000000 [ 297.857423][T13099] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 297.864013][T13099] CR2: 000020000000e000 CR3: 000000007b072000 CR4: 00000000003526f0 [ 297.871994][T13099] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 297.879986][T13099] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 297.887978][T13099] Call Trace: [ 297.891259][T13099] [ 297.894205][T13099] ? __pfx_smc_diag_dump_proto+0x10/0x10 [ 297.899852][T13099] ? __lruvec_stat_mod_folio+0x79/0x2f0 [ 297.905407][T13099] ? __lruvec_stat_mod_folio+0x79/0x2f0 [ 297.910957][T13099] ? __phys_addr+0xba/0x170 [ 297.915472][T13099] ? __kasan_kmalloc_large+0x85/0xa0 [ 297.920768][T13099] ? rcu_is_watching+0x15/0xb0 [ 297.925535][T13099] ? rcu_is_watching+0x15/0xb0 [ 297.930310][T13099] ? trace_kmalloc+0x1f/0xd0 [ 297.934919][T13099] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 297.941518][T13099] ? __build_skb_around+0x257/0x3e0 [ 297.946732][T13099] smc_diag_dump+0x59/0xa0 [ 297.951164][T13099] netlink_dump+0x651/0xe70 [ 297.955680][T13099] ? __pfx_netlink_dump+0x10/0x10 [ 297.960735][T13099] ? netlink_lookup+0x30/0x200 [ 297.965505][T13099] ? netlink_lookup+0x30/0x200 [ 297.970276][T13099] ? netlink_lookup+0x30/0x200 [ 297.975049][T13099] __netlink_dump_start+0x5cb/0x7e0 [ 297.980257][T13099] smc_diag_handler_dump+0x178/0x210 [ 297.985553][T13099] ? __pfx_smc_diag_handler_dump+0x10/0x10 [ 297.991385][T13099] ? __pfx_smc_diag_dump+0x10/0x10 [ 297.996849][T13099] ? sock_diag_lock_handler+0x19/0x290 [ 298.002332][T13099] ? sock_diag_lock_handler+0x19/0x290 [ 298.007801][T13099] sock_diag_rcv_msg+0x3d7/0x610 [ 298.012764][T13099] netlink_rcv_skb+0x219/0x490 [ 298.017547][T13099] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 298.023011][T13099] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 298.028313][T13099] ? netlink_deliver_tap+0x2e/0x1b0 [ 298.033520][T13099] ? netlink_deliver_tap+0x2e/0x1b0 [ 298.038732][T13099] netlink_unicast+0x75b/0x8d0 [ 298.043507][T13099] netlink_sendmsg+0x805/0xb30 [ 298.048281][T13099] ? __pfx_netlink_sendmsg+0x10/0x10 [ 298.053574][T13099] ? aa_sock_msg_perm+0x94/0x160 [ 298.058518][T13099] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 298.063820][T13099] ? __pfx_netlink_sendmsg+0x10/0x10 [ 298.069115][T13099] __sock_sendmsg+0x219/0x270 [ 298.073823][T13099] ____sys_sendmsg+0x505/0x830 [ 298.078609][T13099] ? __pfx_____sys_sendmsg+0x10/0x10 [ 298.083908][T13099] ? import_iovec+0x74/0xa0 [ 298.088424][T13099] ___sys_sendmsg+0x21f/0x2a0 [ 298.093116][T13099] ? __pfx____sys_sendmsg+0x10/0x10 [ 298.098339][T13099] ? __fget_files+0x2a/0x420 [ 298.102938][T13099] ? __fget_files+0x3a0/0x420 [ 298.107627][T13099] __x64_sys_sendmsg+0x19b/0x260 [ 298.112664][T13099] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 298.118153][T13099] ? do_syscall_64+0xba/0x210 [ 298.122841][T13099] do_syscall_64+0xf6/0x210 [ 298.127353][T13099] ? clear_bhb_loop+0x60/0xb0 [ 298.132042][T13099] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.137942][T13099] RIP: 0033:0x7fa1ab58e969 [ 298.142449][T13099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 298.162154][T13099] RSP: 002b:00007fa1ac383038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 298.170838][T13099] RAX: ffffffffffffffda RBX: 00007fa1ab7b6160 RCX: 00007fa1ab58e969 [ 298.179005][T13099] RDX: 0000000000000600 RSI: 0000200000000540 RDI: 0000000000000021 [ 298.187676][T13099] RBP: 00007fa1ab610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 298.195653][T13099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 298.203629][T13099] R13: 0000000000000000 R14: 00007fa1ab7b6160 R15: 00007ffc6d9dd818 [ 298.211621][T13099] [ 298.214730][T13099] Modules linked in: [ 298.219272][T13099] ---[ end trace 0000000000000000 ]--- [ 298.224774][T13099] RIP: 0010:smc_diag_dump_proto+0x4d0/0x1f80 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 298.230863][T13099] Code: 80 3c 2f 00 74 08 48 89 df e8 4c 3b 1c f7 4c 8b 23 4d 85 e4 0f 84 22 02 00 00 48 89 5c 24 38 49 83 c4 18 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 21 3b 1c f7 4d 8b 2c 24 49 83 c5 [ 298.250568][T13099] RSP: 0018:ffffc9000396ef60 EFLAGS: 00010206 [ 298.256869][T13099] RAX: 00000000000a2403 RBX: ffff88805770f160 RCX: ffff888058169e00 [ 298.264882][T13099] RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000 [ 298.272981][T13099] RBP: ffffc9000396f2d0 R08: ffff88805770ec5f R09: 1ffff1100aee1d8b [ 298.280974][T13099] R10: dffffc0000000000 R11: ffffed100aee1d8c R12: 0000000000512018 [ 298.289083][T13099] R13: dffffc0000000000 R14: ffff88805770ec00 R15: 1ffff1100aee1e2c [ 298.297215][T13099] FS: 00007fa1ac3836c0(0000) GS:ffff8881260c7000(0000) knlGS:0000000000000000 [ 298.306281][T13099] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 298.313006][T13099] CR2: 000020000000e000 CR3: 000000007b072000 CR4: 00000000003526f0 [ 298.321444][T13099] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 298.329638][T13099] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 298.337892][T13099] Kernel panic - not syncing: Fatal exception [ 298.344392][T13099] Kernel Offset: disabled [ 298.348853][T13099] Rebooting in 86400 seconds..